- ‘American Dirt’ controversy inspires meme about Latinx stereotypes in literature Wednesday 9:02 PM
- What is the TikTok ‘flex challenge’? Wednesday 8:03 PM
- GoFundMe to send ‘Target Tori’ on vacation raises more than $30K Wednesday 6:54 PM
- Furries stop domestic assault in viral video Wednesday 6:10 PM
- Gritty under police investigation for allegedly punching a teen fan Wednesday 6:04 PM
- Twitter users throw animal parties with emoji in new meme Wednesday 5:21 PM
- Woman who went viral supporting Soleimani killing exposed as Libyan militia lobbyist Wednesday 5:01 PM
- Jeff Bezos subtweets Saudi prince following phone hack report Wednesday 3:29 PM
- ‘Yeah, good. OK’ Bernie Sanders meme is a new way to dismiss people Wednesday 3:10 PM
- ‘Vanderpump Rules’ recap: Petty displays of affection Wednesday 2:12 PM
- Makeup artist transforms into Timothée Chalamet on TikTok Wednesday 1:54 PM
- Iguanas are falling from trees—and people are selling them online for food Wednesday 1:02 PM
- 75,000 sign petition to fire Wendy Williams after ‘cleft lip’ comment about Joaquin Phoenix Wednesday 12:30 PM
- Kim Kardashian says Kylie Jenner’s setting spray is ‘cheap sh*t’ Wednesday 11:59 AM
- Trump continues to demand Apple unlock iPhones for the government Wednesday 11:46 AM
Don’t get caught in a phishing scam this holiday season
You should always be on alert—especially now.
It’s that time of year again: Work winds down, holiday decorations are pulled out of storage, and miscreants ramp up their targeting of email accounts in a quest to steal personal data.
Security writer Brian Krebs reports that scammers have been sending out emails that purport to be “order confirmation” notifications. In reality, these messages include links to malware that could infect your computer. Such phishing scams aren’t new, but they’re particularly successful during the holiday season, as online shoppers are snapping up deals and clicking every discount-related link they find.
Malicious emails with innocuous subject lines like “Order confirmation” usually contain a link to fraudulent website and attached files that can infect Windows PCs, according to security company Malcovery. Other deceptive subject lines include “Thank you for your order” and “Order status.”
The malware is a Trojan horse that ropes computers into the Asprox spam botnet, a shady network of infected machines that has been around since 2007. The botnet steals FTP, website, and email credentials from infected computers, and it can force the computer to scan other websites for vulnerabilities as an unconventional way of distributing malware.
Fraudulent emails have claimed to be from companies like Home Depot, Target, Walmart, Best Buy, and Costco. If you receive one of these emails, don’t click any of the links or attachments. Instead, Krebs suggests visiting the supposed retailer’s site directly to search for an order number or shipping confirmation.
As holiday shopping season commences, be on the lookout for malicious activity—or you might wind up with a surprise gift you didn’t ask for.
Photo via [email protected]/Flickr (CC BY-SA 2.0)
Selena Larson is a technology reporter based in San Francisco who writes about the intersection of technology and culture. Her work explores new technologies and the way they impact industries, human behavior, and security and privacy. Since leaving the Daily Dot, she's reported for CNN Money and done technical writing for cybersecurity firm Dragos.