Many cybercriminals don’t bother registering their own domains to host malware. Instead, they compromise unprotected websites and use them in their malicious operations.
Perfect examples are the fake emails claiming to come from Ameritrade (via Spyware Sucks). The links in the notifications don’t lead to randomly generated domains, but to a website that specializes in offering golf deals.
The site contains a script that attempts to load content from a Russian domain connected to work-from-home scams.
Currently, there are two email variants making the rounds. Here’s what they look like:
Dear Valued Client,
Your statement for your TD Ameritrade account ending in XXX7 is now available online.
Access your statements
To view your statement (along with previous statements), please Log On to your account and choose “History & Statements” (under Accounts). Then click the “Statements” tab, select the appropriate month(s) under the “View statements” drop-down menu, then click the “View” button.
The second one reads:
This is an automated email, and replies will not be delivered. If you need to contact us, please log on to your account and click the “Contact Us” link to send an email.
TD Ameritrade understands the importance of protecting your privacy. We are sending you this notification to inform you of important information regarding your account. If you’ve elected to opt out of receiving marketing communications from us, we will honor your request.
Market volatility, volume, and system availability may delay account access and trade executions.
To protect your computer from such threats, be sure to avoid clicking on any links that come in unsolicited emails. Many of these phony notifications are designed to look genuine, but if you hover over the links, you can clearly see that the websites they take you to are not the legitimate ones.
Also, remember that a decent antivirus solution, up-to-date critical components, and some common sense can usually keep you safe.
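The hover check described above can also be run automatically over an email's HTML body. This is an added example, not code from the original article: the trusted-domain list and the sample message (including the `golf-deals.example` host) are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the impersonated brand really uses (not from the article).
TRUSTED_DOMAINS = {"tdameritrade.com"}

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element in the message."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # None means "not currently inside an <a>"
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def is_trusted(host):
    # Exact match or true subdomain only, so "tdameritrade.com.evil.example"
    # fails. A missing host (relative or mailto: link) is also untrusted.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def suspicious_links(html):
    """Return (text, href) pairs whose real destination is not a trusted host."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(text, href) for text, href in parser.links
            if not is_trusted(urlsplit(href).hostname)]

# Constructed sample modelled on the emails quoted above.
SAMPLE_EMAIL = (
    '<p><a href="http://golf-deals.example/statement.html">Access your statements</a></p>'
    '<p>Please <a href="https://www.tdameritrade.com/">Log On</a> to your account.</p>'
    '<p><a href="http://www.tdameritrade.com.golf-deals.example/x">Contact Us</a></p>'
)

if __name__ == "__main__":
    print(suspicious_links(SAMPLE_EMAIL))
```

The third link shows why the comparison is made on the parsed hostname rather than by searching the URL for the brand name.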