{"id":12536,"date":"2018-12-20T17:36:54","date_gmt":"2018-12-20T13:36:54","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=12536"},"modified":"2019-11-15T15:22:38","modified_gmt":"2019-11-15T11:22:38","slug":"christmas-card-malware","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/christmas-card-malware\/12536\/","title":{"rendered":"These Christmas gifts and greetings are the worst"},"content":{"rendered":"<p>All holidays involve some fuss and bother, and Christmas and New Year are probably the fussiest of all: You have to buy gifts, plan gatherings, cook food a week in advance, and remember well-wishes for family and friends. For scammers, it\u2019s also a holiday \u2014 and a more enjoyable one at that. Because people are rushing round trying to do a million things at once, they relax their vigilance and become sitting ducks. In this post we look at two money-making schemes being used by scammers this season against people distracted by Christmas preparations.<\/p>\n<h2>Gift card malware<\/h2>\n<p>These days, gift cards are a universal solution to gift-giving quandaries. If you don\u2019t know what to give someone, a gift card for a popular store will do nicely. And if you get a card for a store you never use, you can always regift it.<\/p>\n<p>So when you receive a message saying that an unknown someone has given you an Amazon or Apple gift card, that seems like a nice surprise. But shouldn\u2019t you stop and wonder why a stranger would go to the trouble and expense?<\/p>\n<p>The first thing that should arouse suspicion is the address the letter was sent from. The message might look as if it came from Apple, Amazon, or some other store, yet the sender\u2019s address clearly indicates a public mail service such as Gmail or Hotmail.<\/p>\n<p>The second reason to be doubtful is the document attached to the letter. The message says that you can receive your shiny new gift card by following the instructions in the DOC file attached \u2014 but it\u2019s not a set of instructions; it\u2019s a Trojan. <a target=\"_blank\" href=\"https:\/\/threats.kaspersky.com\/en\/threat\/Trojan-PSW.Win32.Azorult\/\" rel=\"noopener noreferrer nofollow\">Trojan-PSW.Win32.Azorult<\/a>, to be precise.<\/p>\n<p>Don\u2019t think that DOC attachments are harmless \u2014 they can contain macros for downloading malware. E-mail attachments with all kinds of extensions (ZIP, RAR, PUB, PIF, ACE, etc.) have been going around recently in spam, and if the extension looks unfamiliar to you or, on the contrary, if you often work with such files, extreme caution is called for.<\/p>\n<p>It may be the season of goodwill, but it\u2019s unlikely that a kind-hearted stranger sent you a gift card; the chances that scammers are trying to slip you malware are somewhat higher. If downloaded, the Trojan will try to steal your accounts and personal data, which is probably not what you want from Santa. Ignore such messages as <a target=\"_blank\" href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/spam\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" rel=\"noopener noreferrer\">spam<\/a>.<a target=\"_blank\" href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2018\/12\/20172613\/christmas-card-malware-screen1.png\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-12539\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2018\/12\/20172613\/christmas-card-malware-screen1.png\" alt=\"Sample gift card scam that appears to be from Amazon or Apple. File attachment contains Azorult malware\" width=\"972\" height=\"714\"><\/a><\/p>\n<h3>Malicious e-cards<\/h3>\n<p> <\/p>\n<p>Electronic greetings cards are popular with Internet users \u2014 one e-card with a standard platitude sent to all contacts is a great time-saver. Don\u2019t be offended by such an impersonal greeting, be thankful it doesn\u2019t contain something worse. Under the guise of e-cards, cybercriminals can send malicious files, such as <a target=\"_blank\" href=\"https:\/\/threats.kaspersky.com\/en\/threat\/Trojan-Banker.Win32.Emotet\/\" rel=\"noopener noreferrer nofollow\">Trojan-Banker.Win32.Emotet<\/a>.<\/p>\n<p>To spot a fake, first check out the sender\u2019s address. If it looks unfamiliar, it\u2019s a good idea to delete the message right away \u2014 and never, ever open any attachments. If the address is known to you, but the message is not typical for the sender, don\u2019t hastily open the attachment either. In most cases, regrettably, it\u2019s not that hard to hack someone\u2019s account, and sending malicious e-mails to your contacts is even simpler. In general, be wary of e-cards, especially any that are not just a JPEG or PNG image.<a target=\"_blank\" href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2018\/12\/20172619\/christmas-card-malware-screen2.png\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-12541\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2018\/12\/20172619\/christmas-card-malware-screen2.png\" alt=\"Sample e-card containing the Emotet banking Trojan\" width=\"972\" height=\"514\"><\/a><\/p>\n<p>Handy services help users send bulk e-cards to friends, family, and acquaintances \u2014 but they work just as well for cybercriminals, who artfully exploit them. For scammers, well-known companies are a means for netting victims, and the popularity of such greetings only improves the chances of success. Besides, faking messages from well-known services is not very complicated.<\/p>\n<p>So, if you received an e-card supposedly from a well-known service, but the sender\u2019s address looks odd or the card itself is in an attachment (plus the message doesn\u2019t say who it came from), it\u2019s better to delete it and stay well clear of the attachment. It is likely to contain malware, such as <a target=\"_blank\" href=\"https:\/\/threats.kaspersky.com\/ru\/threat\/Backdoor.Win32.Androm\/\" rel=\"noopener noreferrer nofollow\">Backdoor.Win32.Androm<\/a>, which turns your computer into a part of a global botnet.<a target=\"_blank\" href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2018\/12\/20172632\/christmas-card-malware-screen3.png\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-12543\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2018\/12\/20172632\/christmas-card-malware-screen3.png\" alt=\"A sample Hallmark e-card, sender unclear; opened, it spreads Backdoor.Win32.Androm, which zombifies computers.\" width=\"974\" height=\"912\"><\/a><\/p>\n<h3>What to do<\/h3>\n<p>To stop scammers from spoiling your Christmas dinner, we advise you to remain vigilant and follow these rules:<\/p>\n<ol>\n<li>Be very cautious and do not open attachments in suspicious e-mails, even if they contain seemingly innocuous gift or greetings cards. Consider a message suspicious if it was sent anonymously or by someone unknown, or if it seems to come from a known service but the sender\u2019s address indicates otherwise.<\/li>\n<li>Don\u2019t trust messages about unexpected gifts or prizes during the holiday season (or ever). It\u2019s just another cybercriminal ruse. The exception is messages from official stores with discounts, bonuses, and coupons (but they will never offer you anything completely free).<\/li>\n<li>Use <a href=\"https:\/\/me-en.kaspersky.com\/premium?icid=me-en_bb2022-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener\">robust security solutions<\/a> with antispam capability.<\/li>\n<\/ol>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"ksc-trial-generic\">\n","protected":false},"excerpt":{"rendered":"<p>Why you shouldn\u2019t open messages with e-cards from strangers, or believe that someone gave you an Amazon gift card for Christmas.<\/p>\n","protected":false},"author":2481,"featured_media":12537,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1486,9],"tags":[1986,1987,242,1988,239,240,521,692],"class_list":{"0":"post-12536","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"category-tips","9":"tag-androm","10":"tag-azorult","11":"tag-christmas","12":"tag-emotet","13":"tag-new-year","14":"tag-spam","15":"tag-threats","16":"tag-trojans"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/christmas-card-malware\/12536\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/christmas-card-malware\/14955\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/christmas-card-malware\/16886\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/christmas-card-malware\/15084\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/christmas-card-malware\/17581\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/christmas-card-malware\/16729\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/christmas-card-malware\/21880\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/christmas-card-malware\/5515\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/christmas-card-malware\/25060\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/christmas-card-malware\/11284\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/christmas-card-malware\/10186\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/christmas-card-malware\/18283\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/christmas-card-malware\/22182\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/christmas-card-malware\/23575\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/christmas-card-malware\/17755\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/christmas-card-malware\/21843\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/christmas-card-malware\/21792\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/spam\/","name":"spam"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/12536","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2481"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=12536"}],"version-history":[{"count":5,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/12536\/revisions"}],"predecessor-version":[{"id":14547,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/12536\/revisions\/14547"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/12537"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=12536"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=12536"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=12536"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}