In November, GFI threat researchers encountered email threats disguised as notices from American Express, DHL and UPS as the holiday season kicked into full gear, as well as a phony Twitter Video application on Facebook and mobile malware disguised as the latest Angry Birds game.
“One unfortunate reality about the holiday season is that while many people choose to spread good cheer, Internet users can also count on cybercriminals to spread malware. They prey on the stresses of last-minute gift buying, hoping to distract consumers from being cautious with their personal information online,” said Christopher Boyd, senior threat researcher at GFI Software.
“Cybercriminals have a large pool of potential victims at this time of year as more and more people flock to online shops to buy holiday gifts and ship them with their favorite package delivery company. No matter how crazy the season gets, users need to remember to practice the same good habits such as double checking the source of email messages and confirming the destination of links before clicking,” Boyd added.
One cybercrime campaign delivered fake DHL Express delivery notifications to users’ inboxes claiming that DHL was unable to make a delivery to the victims’ addresses and that they needed to go to their local DHL office to present a postal receipt and claim the package.
Users attempting to print their receipt were redirected to a number of websites leading to a phony antivirus program which infected users’ machines, blocked other applications from running, caused pop-ups and redirected victims to messages designed to scare them into purchasing the fake antivirus software. Another international shipping company, UPS, also had its brand hijacked for a similar malware campaign.
American Express customers were targeted with malicious email campaigns designed to infect users’ systems. One claimed that a money transfer had been aborted and contained a number of links to “review the billing statement” and “set alert preferences.”
If a user clicked any of these links, they were redirected to a malicious site and infected with Cridex if the Blackhole exploit kit housed there detected any unpatched vulnerabilities on their machine.
GFI found that users also continued to be at risk of falling for other familiar scams in November. Twitter users were the victim of malicious direct messages linking to a phishing page disguised as a “Twitter Video” application on Facebook.
Users who clicked on the link and submitted their login credentials to the cybercriminals were also infected with a Trojan disguised as an Adobe Flash Player update.
Elsewhere, Android users looking to try the new Angry Birds Star Wars game without visiting the legitimate Google Play store may have also come across a fake version of the game that contained a Boxer Trojan. Users who installed the application had their phones hijacked to send premium SMS messages before being redirected to a legitimate download of the actual game.