Love in Your Inbox – Malware on Your Computer
It’s only a few weeks until Valentine’s day, so it’s not to early to get ready for the deluge of “I love you”, “Wish you were mine”, and of course the proverbial “Happy Valentine’s Day” emails.
Hopefully, you will have a Happy Valentine’s Day, but you won’t if you fall victim to the burst of spam that is aimed at lovers, at this time of year, every year. Much of it designed to drop malware on unsuspecting users machines.
Like clockwork, spammers and cyber crooks ramp up the volume of spam emails aimed at unsuspecting users, just prior to this day, culturally set aside as a “celebration of love”.
In previous years, starting just about this time, we saw abnormally high rates of this type of spam, and since cyber crooks are “opportunity driven”, we can expect much more of this type of cybercriminal activity this year.
Maybe you’re a very cool person who’s significant other is always sending you neat little packages in your email. Things like MP3 files, screensavers, cartoons, YouTube videos and the like. You get them so often, that you just automatically click on the email attachment without even thinking. If you are this type of person, here’s a word of advice – start thinking.
The hook, as it always is in this type of socially engineered email scam, is based on exploiting our emotions. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like surprises. I think it’s safe to say, we all find it difficult, if not irresistible, to peek at love notes received via email.
The unfortunate truth is, these spam emails often contain links that deliver advertisements, or worse redirect the victim to an unsafe site where malware can be installed on the victim’s computer.
Last year at this time, a friend, who is an astute and aware computer user, fell for one of these carefully crafted teasing emails. On opening the email, he was taken to a site which had pictures of hearts and puppies, and was then asked to choose which one was for him.
Fortunately, common sense prevailed and he backed out of this site. If he had clicked on this site, he would have begun the process of infecting his machine with a Trojan, which can connect to remote command and control sites.
Unfortunately, being smart is often NOT enough to protect yourself. Experienced users are on guard year round for these, and other types of scam/spam email.
You know what to do, right?
Don’t open emails that come from untrusted sources.
Don’t run files that you receive via email without making sure of their origin.
Don’t click links in emails. If they come from a known source, type them on the browser’s address bar.
If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.
Cyber crooks have moved on from using just emails as a malware delivery vehicle. So, be on the lookout for fraudulent Valentine’s Day greetings in:
Instant Messenger applications.
Chat forums, etc.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.
Bill Mullins' Weblog - Tech Thoughts 
Pingback: Tweets that mention Valentine’s Day = Cyber Crooks And Malware Love | Bill Mullins' Weblog – Tech Thoughts -- Topsy.com
Hi,
”Love in Your Inbox – Malware on Your Computer” …. 🙂
Best regards !
Thanks for that, Murphy. 🙂
Best,
Bill
Hi Bill,
You recommend,
“Don’t click links in emails. If they come from a known source, type them on the browser’s address bar”.
If it’s a malicious link of which the known source is unaware, wouldn’t the result be the same?
Best,
John
Hi John,
No, links in email can be created in such a way (very easy to do), that they can redirect you to another site. For example, last week in an email I received supposedly from the “Gmail Team”, the link given was Gmail.com – but when I then “Copied the link location” (from the right click contest menu), and pasted it into Word, the link, for the sake of discussion was http://we're going to screw you.cn. I don’t recall the actual phony address, but the “we’re going to screw you.cn” was the intent.
Typing the address into the address bar, given that it comes from a known source, say billmullinswp.gmail.com – won’t allow any underlying address that you can’t see. Here’s a further example – if you read my daily Tech Net News, then you’re trusting that when you click on hyperlinked text it will take you to the relevant article – since you can’t see the underlying address.
However, if you were to highlight the relevant text, then “Copy Link Location” and post it to a text app, you would then see the actual link. e.g. Netflix Rates Broadband Providers by Bandwidth translates as – http://www.pcworld.com/article/218027/netflix_rates_broadband_providers_by_bandwidth.html?tk=nl_wbx_h_crawl1.
Hope this helps.
Best,
Bill
Hi Bill,
Anyone who wants to screw me must at least buy me dinner first!
Joking apart this is deadly serious. Thanks for the timely warning.
Kind regards
John
Hi John,
I hear ya! lol
Best,
Bill