Security Corner

Nov 24 2011   1:31PM GMT

Beware fake iTunes gift certificate malware

Ken Harthun Ken Harthun Profile: Ken Harthun

FortBendNow.com

Source: FortBendNow.com

With the kickoff to holiday shopping the day after US Thanksgiving–“Black Friday” as it is commonly known–come the spammers, scammers and thieves. There will undoubtedly be waves of fake gift card deals and other “click candy” full of scams and malware. A big one floating around right now is a fake iTunes gift certificate. It arrives with the subject line “iTunes Gift Certificate” and contains an attachment that is supposedly the gift code. The attachment is a ZIP file containing malware. (Sophos detects this file as Mal/BredoZp-B.)

This is nothing new; we always see such things around the big holidays. But there are a few things you can do to avoid getting fooled. Here’s a list from Sophos’s Naked Security Blog:

Here are some other things to watch out for, adapted from a list posted by USA Today:

* Beware bogus forms. Beware emails and pop-up messages that ask you to type your account username and password, credit card number or personal information such as Social Security number and date of birth. Legitimate organizations don’t solicit sensitive information via email.

* Don’t blindly believe urgent, personalized warnings. Phishers often claim that you need to take urgent action with official organisations such as IRS (taxation), Social Security or the Department of Motor Vehicles.

* Don’t fall for that cute-baby photo. Even if you recognise the sender’s name, don’t open attachments. Distrust all email until and unless you’ve verified that the sender actually intended you to get the message and can vouch for its content.

Have a Happy Thanksgiving and stay safe out there!

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: