Don’t Get Hooked by These Holiday Phishing Scams

Knowing that more shoppers will be using the internet during the holiday season, cyber criminals are beginning to mount their seasonal campaigns to get their hands on your wallet or personal information. I reported on some of these scams last year (Holiday Gift Card Scams Use Facebook to Lure You into Disclosing Personal Information) and you can expect these same scams to make the rounds again. However, in addition to these traditional seasonal exploits, you can expect a few new ones to be showing up as phishing emails in your mailbox. In this post, I’ll look at three new exploits that are enjoying, or will enjoy, a high success rate.

The Fake Ikea Receipt Scam

There are a variety of these “Thank you for your order” emails which appear to be coming from Ikea. The email looks good on the surface. It bears all the earmarks of a true order confirmation email.

[Image: ikea scam]

Even if you did not order anything from Ikea, the email’s official look may make you curious. You may think that someone might have ordered something for you. You might think someone has stolen your identity or gotten control of your credit card and bought something from Ikea. Your curiosity may lead you to open an attached Word or Excel document to see what’s going on. If you do this, however, your computer will be infected with a number of Trojans, one of which (Dridex) may target your bank account. Thus, when you check online to see if everything is all right with your bank account, you’ll compromise it the moment you sign in. That’s because the Trojan will steal your sign-in credentials.

According to one analyst, these emails have begun targeting small and medium-sized businesses for two reasons: 1) those who open the email may not be sure whether someone in the company has actually ordered something from Ikea and may, then, check the attached files, and 2) companies have more money in their bank accounts than individuals.

In October, the FBI launched an attack against those behind the Dridex Trojan and arrested its supposed creator, Andrey Ghinkul. Although this may have slowed the attack, it seems to be making a comeback in time for the holidays. For the moment (and only for the moment), this attack targets Windows users. The attack has succeeded in many countries including the US and UK. Tens of millions of dollars have already been stolen by attackers using this exploit. The malware has been found to evade all popular antivirus detection. In other words, be on the lookout for this exploit.

The Multiple-Brand WhatsApp Scam

This scam uses several well-known business logos to trick the user into taking a fake survey. So far, the businesses compromised are McDonald’s, KFC, 7-Eleven, H&M, Spar, Walmart, and, once again, Ikea. Taking the survey will, theoretically, allow the recipient to qualify for a lucrative gift certificate. However, in the end, you have to agree to help the scammers and compromise your friends to get the certificate. The scam is delivered through the WhatsApp messaging platform and begins with something that looks like this:

[Image: hm survey]

The date will match the current date and the message will be in the language of the receiver’s location. The message may vary with location (the above message is more targeted than most) but the normal message says that “x company is expanding to your area”. In any event, if the victim answers 4 questions, they will qualify for a limited number of gift certificates. After taking the survey, the victim will get the following messages.

[Image: hm survey2]

The victim will be surprised and delighted to find that they have qualified for the gift certificate. Now, all they have to do is share this post 10 times and give some shipping details and they are in the money. Notice also that they have a limited time (234 seconds) to do this or they will lose the certificate.

So what happens to you if you fall for this scam? A number of outcomes are possible. You may find you have subscribed to premium, and costly, SMS numbers. You could have unwanted apps installed on your device. In another scenario, you will be sent to a web page that says your computer (if you’re using a computer) has a virus and that if you leave that page without calling a certain number, your hard drive will have all of its contents deleted. Don’t worry. This won’t really happen. Oh, and by the way, you won’t get any gift certificate.

The problem with this attack is that it could be easily modified to do far more damage. The fact that it targets different languages, has a believable look (the use of trusted businesses), and uses an innovative mode of attack makes this malware especially effective. Since it makes use of unwitting accomplices to spread the malware, the chance of it infecting large numbers of users is high.

The Star Wars Ticket Scam

Here’s one that will certainly fool a lot of people. It takes advantage of Star Wars fanatics who will do just about anything to get their hands on tickets to the new film. You may be one of the ‘lucky’ people finding the following in your email.

[Image: star wars scam]

On the surface this looks pretty good. After all, the address seems to show that it’s from what seems to be a legitimate Star Wars promotion team. What could possibly go wrong?

Well, whatever goes wrong will be connected to those two links at the bottom of the email. Although this was recently picked as the scam of the week by the KnowBe4 website, little is really known about it. My guess is that it will actually lead you to fill out some sort of survey so that the attackers can get your personal information. It is unclear what viewing the trailer could lead to and that’s the point with this kind of attack. They can lead you into doing almost anything, including downloading malware that can take full control of your computer. Most of the time, however, this sort of scam will force you to visit a page that you don’t want to visit or download an app that you don’t want to have. They may try to make you pay some sort of ransom. You just don’t know.

The best advice when you get any email with links is to hover over the link and see (usually in the lower left-hand corner of your screen) if it seems to be legitimate. Still, the best advice is to not click on links or attachments at all. When it comes to an attachment, make sure you know who sent it to you. Even if it seems to have come from a friend (and it really may have come from a friend but without the friend knowing it), the best advice is to check with the friend to see if they actually sent this to you. In short, trust no one; an unfortunate bit of advice for the holiday season. ’Tis the season to be wary.

About Steve Mierzejewski

Marketing consultant for InZero Systems, developer of the next generation in hardware-separated security, WorkPlay Technology. I've worked in Poland, Japan, Korea, China, and Afghanistan. I'm a writer, technical editor, and an educator. I also do some work as a test developer for Michigan State University.