- Beyoncé and Kelly Rowland were harassed by Jagged Edge as teens, Mathew Knowles says 5 Years Ago
- White nationalist Nick Fuentes is upset MTV aired his white nationalist views 5 Years Ago
- Juice WRLD had secret drug-littered Instagram, according to his ex-girlfriend 5 Years Ago
- Jersey City suspect posted anti-Semitic, anti-police materials online Today 10:30 AM
- Novaruu was banned from Twitch for 3 days—and she can’t understand why Today 10:12 AM
- Pete Buttigieg swears he’s not in the CIA Today 9:28 AM
- Greta Thunberg named ‘Time’ 2019 person of the year Today 9:28 AM
- The best gear and gadget gifts for Dad this holiday season Today 7:30 AM
- The 10 most important sci-fi films of the 2010s Today 7:00 AM
- Netflix advances beyond testosterone-fueled anime with subdued ‘Levius’ Today 6:00 AM
- Influencer accused of selling shirt she was supposed to promote Tuesday 8:42 PM
- Jameela Jamil dragged for comparing reproductive rights to landlord rights Tuesday 6:54 PM
- Trump campaign posts Thanos meme, totally misses point of ‘Endgame’ Tuesday 5:58 PM
- Petition calls for Apple to make a Baby Yoda emoji Tuesday 5:16 PM
- This BTS-Billie Eilish mashup is the most popular tweet of 2019 Tuesday 4:51 PM
Don’t get caught in a phishing scam this holiday season
You should always be on alert—especially now.
It’s that time of year again: Work winds down, holiday decorations are pulled out of storage, and miscreants ramp up their targeting of email accounts in a quest to steal personal data.
Security writer Brian Krebs reports that scammers have been sending out emails that purport to be “order confirmation” notifications. In reality, these messages include links to malware that could infect your computer. Such phishing scams aren’t new, but they’re particularly successful during the holiday season, as online shoppers are snapping up deals and clicking every discount-related link they find.
Malicious emails with innocuous subject lines like “Order confirmation” usually contain a link to fraudulent website and attached files that can infect Windows PCs, according to security company Malcovery. Other deceptive subject lines include “Thank you for your order” and “Order status.”
The malware is a Trojan horse that ropes computers into the Asprox spam botnet, a shady network of infected machines that has been around since 2007. The botnet steals FTP, website, and email credentials from infected computers, and it can force the computer to scan other websites for vulnerabilities as an unconventional way of distributing malware.
Fraudulent emails have claimed to be from companies like Home Depot, Target, Walmart, Best Buy, and Costco. If you receive one of these emails, don’t click any of the links or attachments. Instead, Krebs suggests visiting the supposed retailer’s site directly to search for an order number or shipping confirmation.
As holiday shopping season commences, be on the lookout for malicious activity—or you might wind up with a surprise gift you didn’t ask for.
Photo via [email protected]/Flickr (CC BY-SA 2.0)
Selena Larson is a technology reporter based in San Francisco who writes about the intersection of technology and culture. Her work explores new technologies and the way they impact industries, human behavior, and security and privacy. Since leaving the Daily Dot, she's reported for CNN Money and done technical writing for cybersecurity firm Dragos.