Malware distributors who try to trick people using topical subjects are, of course, the scum of the earth. But that doesn’t mean we shouldn’t acknowledge that some of them are more skilful than others.
Take, for example, two scams that have been unleashed on the public to tie in with Black Friday, Cyber Monday and the general boom in online purchasing in the run-up for Christmas.
The first to really hit the headlines came last week, involved a supposed $50 iTunes gift certificate, and was frankly a shoddy piece of work. Claiming to come from “firstname.lastname@example.org”, it was text only without even any HTML. It was written in very simple English of a kind you simply don’t see in major company marketing. It didn’t have a link to follow, instead relying on the victim opening up a zip file and then extracting and running the executable files inside.
But perhaps worst of all, it didn’t even make any effort to explain where the $50 certificate had come from. Yes, the scammers couldn’t even be bothered to do a bit of creative writing to give a story about Apple’s benevolence: hell, why not just say Steve Jobs left it to every customer in his will. And if creative writing wasn’t among the scammers’ skillset, surely they had the technical skills to do a mailmerge and use a name or e-mail address from the victim’s contact list as the alleged donator.
On the other hand, another scam that began earlier this month is really picking up steam now shopping season is in full swing. In this case the message appears to come from a UPS manager or customer services and reports that the shipping company has been unable to make a delivery. The victim is then invited to click a link to “Track your shipment now”, which is when the bad stuff happens.
Now these guys have got it going on. They’ve picked a theme of basic human frustration (along with the desire to get goodies) that could even get the most sceptical net user to lower their guard. They’ve picked a time of year where the hit rate of people who are indeed waiting for a delivery and could see the message as genuine is rocketing upwards. And they’ve gone to the effort of stealing the design, images and even the legal blurb of legitimate UPS e-mails to add that extra bit of credibility.
Malware scams are illegal, immoral and a plague on the Internet. But, hey, let’s at least give credit for effort.