Bogus Pizza Order Used to Infect Computers
CREDIT: El Nariz/Shutterstock.com
If someone else makes a mistake that could cost you hundreds of dollars, wouldn't you try to correct it right away?
That's what cybercriminals are counting on with two current email scams that trick recipients into installing malware on their computers.
The first ruse tries to make victims believe their credit cards are being misused to fund someone else's pizza party.
As British IT technician Conrad Longmore noted on his Dynamoo security blog last week, victims are shown an option to "CANCEL ORDER NOW!" after being informed that their credit cards have been used to purchase several hundred dollars worth of pizza, soda and beer.
"If you haven't made the order and it's a fraud case, please follow the link and cancel the order," the fake receipt from "Alberto's" or "Piero's" pizzeria reads.
Of course, victims' credit cards haven't actually been charged.
Clicking on the CANCEL ORDER button will do nothing more than to open the victims' Web browsers on a Russian website, which in turn tries to infect computers using the notoriously effective Blackhole browser-exploit kit.
A similar email-based attack tries to infect computers using messages that claim to come from the United States Electronic Federal Tax Payment System (EFTPS), a real-life American federal system for sending funds to the Internal Revenue Service.
"Company Tax Payment Batch Has Been Rejected," the email tells recipients, according to Belgian email-security firm MX Lab.
The bogus message then prompts recipients to open a PDF file, which is actually an executable (application) that installs a variant of a fairly obscure Trojan known as Wauchos. (Many brands of anti-virus software don't yet detect it.)
Users can protect themselves against attacks such as these by scanning all attached files with a virus scanner before opening or downloading them. (Make sure your computer's anti-virus software is always up-to-date.)
It's also important to remain vigilant and wary about whom the message sender is, as opposed to whom a message claims to come from.
Reading and responding to email messages with a skeptical eye can go a long way toward keeping your computer safe and malware-free.