- #DogsAgainstBrexit highlights the negative impact of Brexit on pets Monday 7:44 PM
- Congress investigating whether vaping manufacturers used social media bots Monday 6:34 PM
- Influencer accuses Lisa Frank of stealing apartment design, says that’s why she’s getting evicted (updated) Monday 6:12 PM
- Brits are sharing their ‘awfully British Amazon reviews’ on Twitter Monday 4:08 PM
- How to stream Mexico vs. Panama in Concacaf Nations League play Monday 3:38 PM
- How to stream U.S. vs. Canada in the Concacaf Nations League tournament Monday 3:21 PM
- Fortnite’s black hole launches conspiracy theories and memes Monday 3:19 PM
- WeWork pulls phone booths over formaldehyde concerns Monday 3:06 PM
- Mark Zuckerberg is reportedly having private meetings with prominent conservatives Monday 3:03 PM
- Firework is a social video app with a literal twist Monday 2:46 PM
- Pro-Trump meme comedian Carpe Donktum suspended by Twitter (updated) Monday 1:35 PM
- Here are all of the Disney+ titles available to stream at launch Monday 12:52 PM
- Rumor: Apple to release $399 iPhone SE follow-up next year Monday 12:44 PM
- Sulli, K-pop star who spoke against cyberbullying, dead at 25 Monday 12:37 PM
- The latest front in Turkey’s digital war against the Kurds? Google reviews Monday 12:19 PM
Don’t get caught in a phishing scam this holiday season
You should always be on alert—especially now.
It’s that time of year again: Work winds down, holiday decorations are pulled out of storage, and miscreants ramp up their targeting of email accounts in a quest to steal personal data.
Security writer Brian Krebs reports that scammers have been sending out emails that purport to be “order confirmation” notifications. In reality, these messages include links to malware that could infect your computer. Such phishing scams aren’t new, but they’re particularly successful during the holiday season, as online shoppers are snapping up deals and clicking every discount-related link they find.
Malicious emails with innocuous subject lines like “Order confirmation” usually contain a link to fraudulent website and attached files that can infect Windows PCs, according to security company Malcovery. Other deceptive subject lines include “Thank you for your order” and “Order status.”
The malware is a Trojan horse that ropes computers into the Asprox spam botnet, a shady network of infected machines that has been around since 2007. The botnet steals FTP, website, and email credentials from infected computers, and it can force the computer to scan other websites for vulnerabilities as an unconventional way of distributing malware.
Fraudulent emails have claimed to be from companies like Home Depot, Target, Walmart, Best Buy, and Costco. If you receive one of these emails, don’t click any of the links or attachments. Instead, Krebs suggests visiting the supposed retailer’s site directly to search for an order number or shipping confirmation.
As holiday shopping season commences, be on the lookout for malicious activity—or you might wind up with a surprise gift you didn’t ask for.
Photo via [email protected]/Flickr (CC BY-SA 2.0)
Selena Larson is a technology reporter based in San Francisco who writes about the intersection of technology and culture. Her work explores new technologies and the way they impact industries, human behavior, and security and privacy. Since leaving the Daily Dot, she's reported for CNN Money and done technical writing for cybersecurity firm Dragos.