Spam sites and rogue AVs

Aug 7, 2010 08:53 GMT  ·  By
Spammers lure users onto malicious websites with claims of unauthorized payments

Security researchers warn of ongoing email scams masquerading as payment notifications from various financial companies and retail chains. The fake messages trick recipients into visiting malicious links that lead to spam sites or scareware-pushing Web pages.

The new spam campaigns were intercepted by researchers from Sophos, who so far have seen such fake emails claiming to originate from companies like Chase, BestBuy or Target. "Thank you for scheduling your recent credit card payment online. Your ($USD) $117.00 payment will post to your credit card account (CREDIT CARD) on 08/06/2010," a fake notification from Chase, reads.

"We thought you'd like to know that we shipped your items today and that your orders is now complete," a similarly rogue message from Target claims. In some cases even the names of legitimate security products are abused, as in a fake email from Best Buy which informs recipients that "Your Webroot Spysweeper with Antivirus Protection Plan has been successfully renewed and charged to the credit card you have on file with us."

In all of the above cases the links included in the messages lead to redirect scripts hosted on domains that have nothing to do with those companies. These redirectors allow attackers to easily rotate the malicious landing pages when necessary. For example, Sophos notes that in some cases these can be regular Canadian Pharmacy spam websites, while in others, sites that push scareware.

Scareware refers to rogue applications that pose as legitimate antivirus products. These programs bombard users with fake security alerts about nonexistent threats on their computers in an attempt to scare them into paying unnecessary license fees.

"As always, pay attention to the link you’re about to click when going through your email. In some cases, simply clicking the link will be enough to infect your machine with a drive-by-download, although keeping your browser up to date, using a browser such as Firefox and using a plugin such as NoScript can prevent many of these infections," Onur Komili, malware researcher at SophosLabs, Canada, advises.
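The two warning signs described above (links that land on redirectors hosted on domains unrelated to the claimed company, and the advice to look at where a link actually points before clicking) can be turned into a simple mail-filtering check. The following is an added example written for this page, not code from Sophos or from the article: it parses the HTML body of a message, extracts every link, and flags links whose destination domain does not belong to the brand the message claims to come from, or whose visible text names a domain different from the real target. The sample message, the `redirector.example.net` address and the `BRAND_DOMAINS` mapping are constructed for illustration, and the "registered domain" helper is a deliberate two-label approximation (a real filter would use a public-suffix list).

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body in the style of the fake Chase notification: the "view
# payment" link points at an unrelated (placeholder) redirector domain.
SAMPLE_EMAIL_HTML = """
<p>Thank you for scheduling your recent credit card payment online.</p>
<p><a href="http://redirector.example.net/go.php?id=7">View payment at chase.com</a></p>
<p><a href="https://www.chase.com/help">Help</a></p>
"""

# Assumed mapping from the brand a message claims to be from to its real domain.
BRAND_DOMAINS = {"chase": "chase.com", "target": "target.com", "bestbuy": "bestbuy.com"}

# Visible text that looks like a host name, e.g. "chase.com" (last label must be letters,
# so amounts such as "117.00" are not mistaken for domains).
DOMAIN_IN_TEXT = re.compile(r"\b[\w-]+(?:\.[\w-]+)*\.[a-zA-Z]{2,}\b")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Approximate the registrable domain as the last two labels (no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def suspicious_links(html, claimed_brand):
    """Return links that do not go to the claimed brand's domain, or whose visible
    text shows a domain different from the one the href really leads to."""
    parser = LinkExtractor()
    parser.feed(html)
    brand_domain = BRAND_DOMAINS[claimed_brand.lower()]
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        dest = registered_domain(host)
        reasons = []
        if dest != brand_domain:
            reasons.append(f"destination {dest!r} is not {brand_domain!r}")
        for shown in DOMAIN_IN_TEXT.findall(text):
            if registered_domain(shown) != dest:
                reasons.append(f"text shows {shown!r} but link goes to {dest!r}")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL_HTML, "Chase"):
        print(finding["href"], "->", "; ".join(finding["reasons"]))
```

Run against the sample, the check reports the redirector link twice over (wrong destination domain, and visible text that names chase.com while the link goes elsewhere) and passes the genuine help link. The brand-to-domain mapping is the weak point of such a filter: it only catches messages whose claimed sender is in the table, so in practice the table is built from the brands that are actually being impersonated against a given user base.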

You can follow the editor on Twitter @lconstantin