
Malware instead of Carnations for Mother’s Day

Spam, phishing, malware are all thrown at you while you are busy looking for a nice gift for your wife, mother or sister on Mother

International Mother’s Day has been celebrated since 1910 with white and red carnations, letters of appreciation (replaced today by greeting cards), nice dinners in smart restaurants or jewelry created especially for the occasion. Unfortunately, this kind of event is not missed by cyber crooks, who find this frenzy particularly convenient for their online scams. And with a bit of social engineering things can turn very ugly, should the enthusiastic buyer not exercise enough caution around this otherwise beautiful holiday.

First of all, many well-known online retailers are impersonated in phishing campaigns in order to mislead buyers into thinking that they are purchasing Mother’s Day gifts from their favorite virtual shop. This way the credit card credentials can fall into the hands of cyber-crooks and your savings can vanish in a heartbeat. If you are about to make such a purchase, it is highly recommended that you type in the whole address of the site you would like to visit and, furthermore, avoid clicking on links that land on your social networking wall or that reach your spam folder.

Second, with holidays around the corner, fake shops arise each day on the Internet. These online locations advertise fictitious products and take your not-so-fictitious money without ever delivering your order. If you can’t tell whether an online shop is trustworthy, you should either do some research on the particular site before using its services or choose shops you’ve already tried on other occasions.

Third, spammers will also take a shot and try to trick people either into visiting sites that advertise knock-off jewelry, accessories and pills, or into clicking links that land online shoppers on various malicious sites, where they can pick up a keylogger, a backdoor or a good old exploit. And then all the critical data typed in may get into the wrong hands.

Lately, spam bundled with malware seems to be making a strong comeback: with a bit of social engineering, people are convinced to download and open attachments that at first glance appear to be plain Microsoft® Word® documents but are in fact executable files rigged with malware.

For instance, these past days a spam mail has been circulating whose message claims that you’ve just received your “order confirmation” for a purchase made from a well-known online jewelry store that advertises, amongst others, custom-made Mother’s Day rings. And if you happen to have searched for this kind of gift, then you might fall for the trick and pay a considerable sum of money for a ring that will never be sent. Plus, all your credit card credentials will get into ill-intentioned hands.

Mother's Day Spam bundled with malware

Spam message and its attached malware
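The mismatch described above, between a Word-looking file name and executable content, can be checked mechanically at a mail gateway or on the desktop. The following Python sketch is an added example, not part of the original article; the extension sets, finding names and sample header bytes are assumptions constructed for illustration.

```python
# Added example: flag attachments that pose as Word documents but are executables.
# Extension sets and finding names are assumptions made for this sketch.
MAGIC = [
    (b"MZ", "windows-executable"),                           # EXE/SCR/DLL header
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2-document"),  # legacy .doc
    (b"PK\x03\x04", "zip-container"),                        # .docx is a ZIP
    (b"{\\rtf", "rtf-document"),
]
DOC_EXTS = {"doc", "docx", "rtf"}
EXEC_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def check_attachment(filename: str, data: bytes) -> list:
    """Return the reasons an attachment should be quarantined (empty = none)."""
    # Strip padding so "order.doc      .exe" is read as doc + exe.
    exts = [p.strip().lower() for p in filename.split(".")[1:]]
    final = exts[-1] if exts else ""
    kind = sniff(data)
    findings = []
    if final in EXEC_EXTS and any(e in DOC_EXTS for e in exts[:-1]):
        findings.append("double-extension")
    if final in DOC_EXTS and kind == "windows-executable":
        findings.append("executable-content-under-document-name")
    if final in EXEC_EXTS or kind == "windows-executable":
        findings.append("executable")
    return findings


# Constructed sample inputs (header bytes only, not real files).
SAMPLES = {
    "order_confirmation.doc.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "order_confirmation.doc": b"MZ\x90\x00" + b"\x00" * 60,
    "greeting_card.docx": b"PK\x03\x04" + b"\x00" * 26,
    "letter.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:32} {sniff(blob):20} {check_attachment(name, blob) or 'ok'}")
```

A clean result here only means the name and the leading bytes agree; documents can still carry malicious content, so the attachment should still be scanned as the guidelines below advise.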

Malware-bundled greeting cards once again make it into the top five online threats around Mother’s Day. Spyeye, once known as Zbot or the notorious Koobface use every means and media to spread in search of your money. You may think that you have a nice e-card in your inbox, but in fact these bots use this beautiful disguise to send you attached malware.

If you’re shopping for Mother’s Day gifts using a smartphone, make sure that you see the whole address of your webshop of choice. Since cyber-crooks know that the small display of a smartphone might hinder the user from seeing the entire URL of the requested webpage, they usually set up spoofed webpages resembling webshops or other commercial services and wait for you to enter your credit card details. You are therefore advised to type in the entire URL manually and check if the website’s SSL certificate is in place.
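To make the small-display problem concrete, the following Python sketch compares the part of a URL that fits in a narrow address bar with the host the browser actually contacts. It is an added example, not part of the original article; `shop.example` stands in for the shop you intend to visit, and the 24-character visible width, the finding names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: shop.example stands in for the webshop the user really intends to visit.
TRUSTED_DOMAINS = {"shop.example"}


def assess_url(url: str, visible_chars: int = 24) -> dict:
    """Compare what a narrow address bar shows with the host actually contacted."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    # Trusted only if the host IS the domain or a subdomain of it (match from the right).
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    # What fits on screen when only the first characters after the scheme are shown.
    shown = url.split("://", 1)[-1][:visible_chars]
    findings = []
    if parts.scheme != "https":
        findings.append("no-tls")
    if not trusted:
        findings.append("untrusted-host")
        # The familiar name is visible, yet it is not the domain being contacted.
        if any(d in shown.lower() for d in TRUSTED_DOMAINS):
            findings.append("trusted-name-in-visible-part")
    return {"host": host, "shown": shown, "findings": findings}


# Constructed sample URLs (.example and .test are reserved names).
SAMPLE_URLS = [
    "https://www.shop.example/mothers-day/rings",
    "https://shop.example.checkout-secure.test/pay",
    "http://shop.example/cart",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        r = assess_url(u)
        print(f"{r['shown']:26} -> {r['host']:36} {r['findings'] or 'ok'}")
```

Note that a certificate being in place only shows the connection to that host is encrypted; the host name itself still has to be the shop you meant to visit.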

In order to protect the integrity of your computer and data, make sure that you follow these safety guidelines:

  • Install and update a security solution that contains at least antimalware, antispam and antiphishing modules.
  • Do not open attachments that come from unknown senders; if you really need to do so, make sure that you download the attachment and scan it with your locally installed antivirus solution.
  • Never use public computers to perform e-banking transactions or other online purchases. These computers may be laden with keyloggers or banker Trojans.
  • Avoid shopping online when using public WiFi hotspots such as those in airports, coffee shops or malls. Usually, data exchanged between you and the online shop of choice flows through an unencrypted channel and can easily be intercepted by an attacker.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.