Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Scammers Exploit Vacation Hangover with Malware Attacks

Created: 15 Jan 2014 07:35:27 GMT • Updated: 23 Jan 2014 18:01:59 GMT • Translations available: 日本語
Christopher Mendes's picture
+2 2 Votes
Login to vote

It’s not surprising to see scammers exploiting the laxity of Internet users.

Symantec has observed another malware wave over the past few days following the holiday season. Many users check their utility and other official emails post-vacation to see if they missed out important messages. This is where spammers take a chance and hope that users will click on malicious links in their emails.

In this latest wave of attacks, spammers are taking advantage of users’ desire to open and respond to urgent emails right away. When this happens, the malware infects users’ computers and extracts confidential data.

Last week, I too, received some of these scam emails posing as delivery failure notifications from well-known stores with an online presence, stating that I missed the delivery of a couple of parcels while I was away on vacation.

At first, I wondered how this was possible since I hadn’t placed any orders, and wondered if they might be surprise gifts. However, just before clicking the link contained in the email, I checked the status bar only to find that it had been spoofed. My level of suspicion was raised even further by the language and grammatical errors found in the email, as shown in Figure 1.

figure1_10.png

Figure 1. Spam email with grammatical errors and malicious link

Similarly, I also received an email in which the spammer masqueraded as another well-known brand, making the message appear to be a statement, while embedding a malicious link. Fortunately, there was a discrepancy between the template used by the brand and the email headers which belonged to another email. Upon further inspection, I discovered that the embedded link contained malware. The spam also used a hijacked URL as shown in Figure 2.
 
figure2_9.png
Figure 2. Another delivery failure spam email

Another email I received invited me to attend the funeral of someone I did not know. I began to check if I knew the family, or if it was a college friend or neighbor, but then discovered that the link in the email was malicious.

figure3_5.png
Figure 3. Funeral invitation spam email

This type of spam requires users to adopt a two-pronged approach – to be on guard while sieving through emails, and be on the lookout for mistakes made by the scammers.

A lot of these spam emails are full of grammatical errors, faulty sentence structure, tactical errors such as spoofing one retail operator and associating the email headers with a competitor. Another tactic employed envolves the use of hijacked domains and URLs, which are rotated and recycled over time, but have no association with the brands or entity that the email claims to be from.

While you are overcoming your post-holiday blues, Symantec recommends that you exercise diligence when dealing with your emails, and not to let scammers exploit your vacation hangover.