Fake iTunes gift certificate delivers a load of malware for Black Friday shoppers

Filed Under: Data loss, Malware, Phishing, Vulnerability

Criminals are banking on the post-Thanksgiving turkey-eating coma and the Black Friday shopping frenzy in the US to trick American internet users into clicking through to malware posing as a $50 iTunes gift certificate.

(Black Friday is the name given to the Friday after US Thanksgiving, when frenzied seasonal shopping typically starts.)

The research team from German email security provider eleven wrote on Monday about a wave of emails allegedly containing vouchers to the iTunes Store.

The spoofed email is purportedly from the iTunes Store, the subject line reads "iTunes Gift Certificate", and the message includes an attachment that supposedly contains a certificate code.

The attachment is a ZIP file containing malware. (Sophos detects this file as Mal/BredoZp-B.)

As the holidays ramp up, so do scams like this. It's understandable that cash-strapped holiday shoppers might be click-happy enough to try to lighten their holiday with $50 worth of free music, video and games.

Avoiding click-candy like this phony iTunes certificate is one way to keep cyber-safe over the holidays.

Here are some other things to watch out for, adapted from a list posted by USA Today:

* Beware bogus forms. Beware emails and pop-up messages that ask you to type your account username and password, credit card number or personal information such as Social Security number and date of birth. Legitimate organizations don't solicit sensitive information via email.

* Don't blindly believe urgent, personalized warnings. Phishers often claim that you need to take urgent action with official organisations such as the IRS (taxation), Social Security or the Department of Motor Vehicles.

* Don't fall for that cute-baby photo. Even if you recognise the sender's name, don't open attachments. Distrust all email until and unless you've verified that the sender actually intended you to get the message and can vouch for its content.

Happy Thanksgiving, stay safe, and may your holiday shopping sprees be festooned with real coupons and real deals, not stinkers like this iTunes bait.


One Response to Fake iTunes gift certificate delivers a load of malware for Black Friday shoppers

  1. mojosam · 979 days ago

    It would be helpful, in cases like this, to indicate what manual steps are required for the malware to infect the computer. For instance, is it necessary to:

    * open the zip file attachment?
    * open the executable program within the zip file?
    * provide a password when prompted?


About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.