June 08, 2012
Malware Lures Today: Xanga and Kindle
First up is a phony alert claiming to come from the social networking site xanga.com. The message says "Shonta" (probably a different name with different messages) has accepted my friend request. It invites me to click all kinds of links, including a change of my profile setting for real-time alerts. In my case, it's easy to spot the fake because I don't belong to Xanga.
Next comes an order acknowledgement/receipt for a very expensive Amazon Kindle ebook. The HTML layout of the message is a pretty good amazon.com knock-off, so I suspect many recipients will believe it came from amazon.com. Being charged $50-$100 for an ebook you didn't ever order can get your adrenalin flowing, driving you to click the links to contest the charge. And that's when malware downloading trouble begins.
Don't fall for these tricks. Always check the URLs of the links or visit the sites via previously-saved bookmarks to check your account activity, no matter how legitimate the email looks.
Posted on June 08, 2012 at 10:22 AM
June 06, 2012
Craigslist Malware Lure
The message claims to originate from craigslist.org...but it doesn't really. It's just another variation of the malware lure that's intended to raise your adrenalin level to the point of automatic clicking on the link. Here's the message (Subject: line details vary with each message):
From: craiglist - automated message, do not reply <firstname.lastname@example.org>
Subject: POST/EDIT/DELETE : "Great poker action" (antiques)
IMPORTANT - FURTHER ACTION IS REQUIRED TO COMPLETE YOUR REQUEST !!!
FOLLOW THE WEB ADDRESS BELOW TO:
- PUBLISH YOUR AD
- EDIT (OR CONFIRM AN EDIT TO) YOUR AD
- VERIFY YOUR EMAIL ADDRESS
- DELETE YOUR AD
If not clickable, please copy and paste the address to your browser:
PLEASE KEEP THIS EMAIL - you may need it to manage your posting!
Your posting will expire off the site 7 days after it was created.
Thanks for using craigslist!
Always verify the actual link addresses (roll your mouse pointer atop the link, or, for touch screens, touch and hold on the link) of any unusual or unexpected email message.
Posted on June 06, 2012 at 01:00 PM