Christmas is a great time for cyber-criminals, especially those who make nasty malware which they distribute through malicious email attachments. That’s because scammers will know that many of us will be shopping on the Internet over the next few weeks. This allows criminals to tailor their emails scams to target those who may have just made an online purchase, in the knowledge that a good percentage of those receiving their email scams will likely have done just that.
Detecting these scams is as important as it ever has been, since malware has progressed in how destructive it can be, especially ransomware, which encrypts all of your files, rendering them useless. Here are 4 email scams containing malicious attachments that you can expect during the Christmas period.
We could not deliver your parcel
As many of us spend our hard earned money online this Christmas, scammers will know that we’ll all be expecting our online purchases to arrive at the doorstep in the coming weeks. And this is what this clever scam relies on.
The email will appear to come from a courier company, and will tell the recipient that there was a problem delivering a parcel. For example there was an issue with the delivery address, or the recipient of the parcel was not home.
Whatever the reason, the email will suggest the email recipient to open the email attachment to resolve the problem, inadvertently executing the malware in the process.
View your invoice/order details
Not only do we expect our parcel to be delivered, we may also be expecting the invoice to arrive online. Many retailers, including Amazon, send invoices through email.
And this is how this scam works. The email scam will vaguely claim that you need to open the email attachment to view the invoice, or order details. Of course the email won’t say what you purchased (since the scammer doesn’t know that!) so the recipient may open the email attachment to check what the invoice is for.
And in doing so, they infect their own computer.
If you receive an invoice from a company you've never dealt with, it's best to ignore it. And even if you recognize the company name but haven't done any purchases with them recently, pick up the phone and call them to make sure it's legit.
Problems with your order
We all want our Christmas presents to arrive on time, so getting an email that tells us a problem has arisen with our order is likely to get our attention. These emails will vary in exactly what they say, but essentially tell the recipient that there was a problem with your online order, and that you need to open the attachment for details.
And when you open the attachment, you infect your computer.
Remember: Any issues with the order will not be in an email attachment. You can check the status on any pending order my going directly to the retailers website.
The last thing we want when purchasing items online is for our payment to be declined. So when an email arrives telling us just that, we’ll certainly want to get to the bottom of it.
Scammers know that lots of us will be making online payments, meaning email attachment scams purporting some sort of “your payment has been declined” tale will enjoy much more success at this time of the year.
Naturally the email will implore the recipient to open the email attachment to see details of the problem.
Any issues with payment will not be put into an email attachment. You can contact the retailer directly for the status of an order.
…malicious email attachments usually reside in ZIP files, meaning you need to open the ZIP folder and then open the file inside to infect your computer. However not all malicious emails have be ZIP folders. Malicious email attachments can also .doc, .bat, .exe, .xls, or .pdf extensions. Additionally, email attachments may have fake extensions to make them appear harmless, for example, "picture001.jpg.exe" is not a picture!
The important thing to remember, if you’re not sure, don’t open! This also applies to emails that you were not expecting that contain attachments. Only open email attachments if you are 100% confident of the contents of the attachment and the source of the email can be trusted.