Alerts E-Threats

Bogus Christmas Loans and Credit Extensions Expose Users to Malware

New Christmas scam campaign targets shoppers in need of extra cash with bogus loans and credit extensions and tricks them into accessing pages hosting BlackHole exploit kit.

With holidays just around the corner, crooks have already started to poke around for shoppers who want a piece of the online Christmas cheer, but don’t quite have the budget for it.

If you are “short on cash this holiday,” there’s a scammer to let you know that “Holiday cash” can give you the extra money you need “to make Christmas Merry.” Just click a link.

Clicking the link takes users to a page blocked for malicious activity by the Google Safe Browsing diagnostic tool. This particular domain hosted on a server in Russia has a poor reputation and is listed among domains used by attackers to harbor and distribute malware.

This link might be blocked but the Christmas campaigns are at their peak and no one can guarantee the next malicious link won’t dodge security software blacklists or reputation-based mechanisms.

Another scam campaign is addressed to enthusiastic parents who want to send their children “a personalised letter from Santa.” On clicking the inserted link, they are lead to an online survey that can allegedly help them win an iPhone or an iPad. Users are also asked to give away their phone number and send an SMS to a premium-rate number. Bottom line, no one will ever get any personalized item from or with Santa for their child. In fact, none of the on-line questionnaires or the aggressive ads that follow have anything to do with Christmas or Santa.

Crooks also taunt people with bogus announcements according to which users’ “wire transfer was cancelled by the bank”. The link takes them to another webpage known with a bad reputation.

Everybody gets excited around Christmas and might forget about safety when offered big discounts for a wide range of products, such as pharmacy products (read Viagra, diet pills and body cleansing tablets), fake Rolex wrist watches or luxury cars and furniture. And crooks know this and don’t hesitate to take advantage of the unwary Christmas enthusiasts.

Here’s a short list of things users should keep in mind around Christmas shopping seasons:

  • Don’t shop when you are connected to an unprotected Wi-Fi network.
  • Don’t buy what comes advertised via spam, instant messenger or social networking platforms. You will be redirected towards websites harboring malware or spoofed web locations that look a lot like the original site.
  • Shop only from your personal computer. It’s important that you don’t give your credentials while on PCs in coffee shops, libraries or work.
  • Before entering card-related data, run a 60-second QuickScan from here or a full system scan with your favorite antivirus. If you’re shopping from the family PC, use a secure browser such as the SafePay browser to go through check-out with full confidence that your credentials and transactions are not being manipulated.
  • Always keep your browser, your software and your antivirus updated.

Safe Christmas shopping, everyone!

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.