February 5, 2010

Cancel this "special order"

This just in, from one of our faithful correspondents:

I have received an e-mail that looks like it is from Amazon.com but is not. I am sure it is a phishing scam.

The mail is very well done in that it has the Amazon logo and claims to be from "order-update@amazon.com.
It tells you to click on the attached link for an update on your order status.

The tip-off for me was: 1. I have no current order with Amazon, and 2. rather than a hot link to UPS as I would expect from Amazon, the mail had an attachment that was a .zip file with the instruction to open the zip file for order update information.… This one is pretty sneaky in that is does not try to scare you, e.g. "your credit card data is wrong," or sell you something. But I'm positive the zip file would unload some nasty bit of malware that would either steal my data or just trash the hard drive.

Malware, indeed. Akin to the "special delivery" e-mail noted earlier, this type of scam often involves software that logs your keystrokes, giving a hacker access to the things you use your computer for, like shopping and banking, either of which can get the hacker your credit card number. Alternatively, if you are using a Windoze computer, malware can turn your PC into a "zombie," generating even more spam to the unsuspecting masses.

For more information, visit Symantec's Web site.

No comments:

Post a Comment