This time of the year, spam campaigns are increasingly adopting holiday themes to improve their malware distribution rate and steal users’ banking information or to trick victims into accessing fake online stores, security researchers warn.
The growth is mainly fueled by an intensified online shopping activity, which clearly inspires cybercriminals to launch various social engineering attacks, including phishing and drive-by download campaigns. For the delivery of their malicious payloads, the cybercriminals use spam emails, one of the oldest and most used such tactics.
According to Cyren, 78% of the email messages this week containing the word “Christmas” in the subject line were spam. What’s more, the security firm says that Christmas-themed email is almost entirely commercial or criminal.
To ensure that the victims are lured into their scheme, the attackers leverage keywords, thus creating “reasonable doubt in the victim’s browsing experience,” Zscaler security researchers explain. The attackers attach their malware to spam emails in the form of documents or links supposedly taking users to a receipt for an order recently placed.
Other tactics include the use of banners and pop-ups supposedly offering discounts and free shipping, but which don’t come from legitimate sources and are difficult to distinguish from real ones. The next phase of the attack is already tried and proven: a malicious document is used to drop the malicious code to the victim’s computer.
Previously, criminals would use fake gift cards for the malware delivery, but users are growing wary of these, so they switched to weaponized Word documents instead. These documents contain malicious macros and attempt to trick the user into enabling them. When executed, the macros download a malicious executable designed to deliver ransomware or other types of malware.
A recently observed large distribution campaign featured a fake Amazon notification, but instead contained a malicious JavaScript file packed inside a ZIP attachment. The script was designed to download and execute the Locky ransomware onto the compromised machine.
A Cerber ransomware distribution campaign observed only a couple of weeks ago was using fake credit card notifications to trick users into installing the malware. Recent campaigns switched to other holiday season-related themes for the same nefarious purposes.
“Cybercriminals are also sending phishing emails with fake package tracking numbers, bogus discounts, or coupons that link to phishing sites. With so many online orders being shipped, it is difficult to differentiate between the genuine email notifications and the frauds,” the Zscaler security researchers say.
Cyren notes that non-malware spam emails are also clogging user inboxes, linking to fake shopping sites such as like sneakernnz.com (fake Nike), bootskest.com (fake UGG), and baggoingdae.com (fake Michael Kors). A spam attack linking to the fake Michael Kors shopping became the highest volume non-malware attack seen by Cyren this year.
To avoid falling victim to attacks carried out via spam, users should stay away from emails coming from unknown sources, especially those that arrive during the holiday season with alleged invoices or order confirmations attached to them. The phishing traffic for store-related scams has increased as well over the past weeks, and users should always make sure that they visit legitimate websites when looking to make a purchase.
“It’s the time of year when we all get to celebrate with our families. For some of us, though, this will mean online shopping with all its potential pitfalls. And for some it will mean new devices and appliances to connect — with oblique instructions and undoubtedly some questions. Here are some tips to help keep you and yours safe and secure through the holidays and into the New Year,” the security researchers note.