Holiday-Themed Spam Campaigns Ramp Up

This time of the year, spam campaigns are increasingly adopting holiday themes to improve their malware distribution rate and steal users’ banking information or to trick victims into accessing fake online stores, security researchers warn.

The growth is mainly fueled by intensified online shopping activity, which inspires cybercriminals to launch various social engineering attacks, including phishing and drive-by download campaigns. To deliver their malicious payloads, the cybercriminals use spam emails, one of the oldest and most widely used delivery tactics.

According to Cyren, 78% of the email messages this week containing the word “Christmas” in the subject line were spam. What’s more, the security firm says that Christmas-themed email is almost entirely commercial or criminal.

To ensure that the victims are lured into their scheme, the attackers leverage keywords, thus creating “reasonable doubt in the victim’s browsing experience,” Zscaler security researchers explain. The attackers attach their malware to spam emails in the form of documents or links supposedly taking users to a receipt for an order recently placed.

Other tactics include the use of banners and pop-ups supposedly offering discounts and free shipping, but which don’t come from legitimate sources and are difficult to distinguish from real ones. The next phase of the attack is already tried and proven: a malicious document is used to drop the malicious code to the victim’s computer.

Previously, criminals would use fake gift cards for the malware delivery, but users are growing wary of these, so they switched to weaponized Word documents instead. These documents contain malicious macros and attempt to trick the user into enabling them. When executed, the macros download a malicious executable designed to deliver ransomware or other types of malware.

A recently observed large distribution campaign featured a fake Amazon notification that carried a malicious JavaScript file packed inside a ZIP attachment. The script was designed to download and execute the Locky ransomware on the compromised machine.
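
As a defensive illustration of the two delivery formats described above (macro-bearing Word documents and a JavaScript file inside a ZIP attachment), the following added example, which is not from the article or the cited researchers, shows attachment triage as a mail gateway might perform it. The extension list, finding labels and sample message are assumptions constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf", ".hta")  # assumed block list
# Constructed attachments: filename -> {archive member: placeholder content}
SAMPLE = {
    "order.zip": {"order_details.js": "// placeholder"},
    "receipt.docm": {"word/document.xml": "<w/>", "word/vbaProject.bin": "x"},
    "photos.zip": {"tree.txt": "benign"},
}

def inspect_zip(data):
    """Flag script members and OOXML VBA projects inside a ZIP container."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name.lower().endswith(SCRIPT_EXTS):
                    findings.append("script-in-archive:" + name)
                elif name.lower().endswith("vbaproject.bin"):
                    findings.append("vba-macro-project:" + name)
    except zipfile.BadZipFile:
        findings.append("unreadable-archive")
    return findings

def triage(raw_message):
    """Return {filename: findings}; modern Word files are ZIPs, so one check covers both."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        hits = inspect_zip(data) if data[:4] == b"PK\x03\x04" else []
        if hits:
            report[part.get_filename() or "(unnamed)"] = hits
    return report

def build_sample():
    """Build the constructed test message (placeholder bytes, no malware)."""
    msg = EmailMessage()
    msg.set_content("Your receipt is attached.")
    for fname, members in SAMPLE.items():
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for member, body in members.items():
                zf.writestr(member, body)
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Calling `triage(build_sample())` reports the archive holding a script and the macro-enabled document, and leaves the benign archive out of the report.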

A Cerber ransomware distribution campaign observed only a couple of weeks ago was using fake credit card notifications to trick users into installing the malware. Recent campaigns switched to other holiday season-related themes for the same nefarious purposes.

“Cybercriminals are also sending phishing emails with fake package tracking numbers, bogus discounts, or coupons that link to phishing sites. With so many online orders being shipped, it is difficult to differentiate between the genuine email notifications and the frauds,” the Zscaler security researchers say.

Cyren notes that non-malware spam emails are also clogging user inboxes, linking to fake shopping sites such as sneakernnz.com (fake Nike), bootskest.com (fake UGG), and baggoingdae.com (fake Michael Kors). A spam attack linking to the fake Michael Kors shopping site became the highest-volume non-malware attack seen by Cyren this year.

To avoid falling victim to attacks carried out via spam, users should stay away from emails coming from unknown sources, especially those that arrive during the holiday season with alleged invoices or order confirmations attached to them. The phishing traffic for store-related scams has increased as well over the past weeks, and users should always make sure that they visit legitimate websites when looking to make a purchase.

“It’s the time of year when we all get to celebrate with our families. For some of us, though, this will mean online shopping with all its potential pitfalls. And for some it will mean new devices and appliances to connect — with oblique instructions and undoubtedly some questions. Here are some tips to help keep you and yours safe and secure through the holidays and into the New Year,” the security researchers note.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
