Another new clever email scam. These guys get smarter all the time.
I received an email purporting to be from Google telling me that they blocked a phising attempt and that I had to paste the provided URL (web address) in to my browser to “validate” my email account. The provided URL goes to a Google Docs spreadsheet to make it look legit and it does actually go to Google Docs spreadsheet. The problem is that spreadsheet has a macro/script that infects your computer.
A PayPal scam this time. I received an email purporting to be from PayPal. It was sent to the correct address and looked exactly like emails I get from PayPal. It said the transfer of $13,438.62 was being held for security reasons and to click the “Accept” or “Decline” buttons.
Oddly the transfer was listed as being to Young31622@sandscomputers.com. I think I know what email addresses are valid at my own company. Also one sentence had incorrect English.
The buttons both went to the same non-PayPal address where I am sure they would either infect my computer with some sort of malware or would have tried to get my login information for PayPal.
These guys are pretty clever. This scam involves a fake order from Amazon. I was notified just moments ago that the Samsung 40″ HD TV I ordered was shipped and will arrive on the 21st. Of course I didn’t order a TV from Amazon. Of course the email provides MANY links to click to get information. All of them lead to the same web site that is not Amazon. The email is pretty convincing looking exactly like an email one would get from Amazon. The email address it came from is not Amazon however. They made no attempt to fake the email address this came from so it’s pretty obvious it’s not from Amazon.
It’s been a couple of weeks since the last scam alert I posted. Got a new one today. A fake email from Intuit that states you need to get a security update or you won’t be able to access your Quickbooks data anymore. The link provided takes you to a web site not remotely connected to Intuit where you will undoubtedly be infected with something nasty.
Once again people, don’t ever click on links in emails.
This week’s scam. You receive an email saying <someone’s email address> has just sent you an ecard from 123greetings.com (or some other ecard place). There is a link to click that looks like it will take you to said ecard but if you hover over the link and look at where it will actually take you you will see it goes to someplace completely different and most likely will infect you with malware. Once again, don’t click on links in emails people, no matter what they say or who they appear to be from. Ever.
So it appears THE way to spread malware now is by email attachments like the ones I have been posting about. I received another one today about the Delta Airlines tickets I supposedly purchased. The attachment was a zip file and the email said there was a document attached. The zip file had an executable in it that would most likely take you to a site that would infect you. It might infect you directly but I wasn’t going to try it. 😛
Got yet another email. This time it purports to be from UPS and even has a UPS.COM email address. It says they missed a delivery and to click the link to find out about it. Same HTML link that takes you to a web site that infects you.
Well, I just got one of those emails I have been warning you about. It came from a gmail address but tells me to open the attachment (which is actually just a link to a web page) to get information about my order from Intuit. They also have a 900 number to call for questions about the order for only $3.69 a minute! Such a deal. Once again, don’t click on links in emails.