A guest article by Jane Andrew.
Hackers, crackers and cyber fiends are deploying new tactics of getting through their malicious applications to the users these days. One such group is pushing fake Groupon discount emails yearning for the naïve users to fall for their trap and consider that those emails are sent from some of their friends. Clearly, unlike what the attachment promises to be, it is a malware concealed within those emails.
You took my name in vain
These scammers in question are getting their malware through by taking advantage of the popularity of the deal-of-the-day site called Groupon. Normally using the subject of the “GROUPON Discount offers” the spam mail pretends to be from one of your contacts i..e. one of your friends, and claims to have found an amazing deal on the website Groupon when in fact it is only a way paved through to get the malware across to the system. The email originating from the hacker that says it is from a friend, who has sent you a gift and a discount code for that deal while urging you in to opening the attachment that is normally titled Gift Coupon.zip. The malware has been identified as Troj/Bredo-ABB and Mal/BrendoZP Zp-B, by Sophos, which was also the first source to have reported the spam. Further sugarcoated is the email that claims to be a discount code for the deal from one of your friends, scuppering for you to open the attachment enticing you with the name “Gift coupon.zip”.
The actual email
While analyzed the main body of the email, it becomes apparent that the email begins with general pleasantries and further takes on a professional camouflage. It begins with a ‘Hi’ and follows with the same claim that you are going to love the deal from Groupon that your friend has found and shared with you. It puts forth as a new feature that Groupon has introduced allowing users to share a discount gift among peers. It then grows those fiery horns and the red tail requesting the naïve users to open the attachment in order to enjoy their discount gift and share it with further friends as well. As it is customary to these posers and fakers, the text in the mail urges the user to hurry and fill out the details in the attached form as the discount offered holds only for two days.
How to combat these demons
A security company spokesperson elucidates precautionary measures regarding such threats and urges the users to keep their antivirus programs up to date and their wits oriented in the right direction. It does not come off as much of a challenge to anyone to use professional language and make an email that has a completely formal look using a well maintained website’s branding, which is required by them in their pursuit of ensnaring as many users as they possibly can into clicking on a flashy link or a seductive attachment which obviously leads to downloading a computer monitoring software, a mobile spy app or any other malicious program for that matter.
As a rule of thumb, follow the instructions given by most popular email hosting sites and make it a habit not to blindly open an attachment from emails especially coming in from unknown senders. Similarly, do not forward emails regardless of whether you find them to be true or not, if there is anything dubious, just let it go down the drain. This would also avert the disasters resulting from the email addresses collected through email chain letters that is used to send junk and malware by spammers.
Jane Andrew has been writing about cell phone and PC privacy and security issues for the past few years. Her work looks into the many things novices miss out on. She blogs for MobiStealth.com.