Scammers are exploiting Black Friday shopping enthusiasm with fake iTunes electronic gift certificates.
Victims receive an email that appears to come from the iTunes store, and containing a zipped attachment. This purports to offer a $50 credit at the store – but in fact deploys a malicious executable file.
The program is Mal/BredoZp-B, which opens up a back door to gain access to a user’s personal information, including passwords. It can also delete files and slow the PC down.
Eleven says that about half of the fake emails come from US IP addresses, with another ten percent from the UK. This, combined with the timing of the scam, makes it clear that Americans are the target.
“Thanksgiving and Black Friday are always a popular target for spammers and senders of malicious software,” says the Eleven security blog, which first reported the scam.
“The day after the holiday, with many shops offering big discounts, a major part of Christmas trading is carried out on that day.”
The scam is likely to be the first of many as the holiday shopping season really gets going.
“As the holidays ramp up, so do scams like this,” says Lisa Vaas of security firm Sophos.
“It’s understandable that cash-strapped holiday shoppers might be click-happy enough to try to lighten their holiday with $50 worth of free music, video and games.”