Through email we can be victims of a wide variety of attacks. Many of the main threats come through this medium so widely used by users. Hackers look for ways to infect through campaigns, email baits, and strategies. In this article we echo a new deception in which malware is trying to sneak in with an email that carries a supposed Amazon gift card .
An Amazon gift card, the last bait by e-mail
Buying online is very common today. Especially in times like Christmas , there are many who make purchases through the computer or mobile device quickly and easily. However, this can also be a window for cybercriminals, since they take advantage of what is most used to carry out their attacks.
The last strategy is to send emails with fake Amazon gift cards . As we know, it is one of the most used platforms to make online purchases. This can cause the victim to open the email and thus the attackers can be successful.
Specifically, they are sending the Dridex malware through a fake email that carries an alleged Amazon gift card. It is a modular banking Trojan that is capable of carrying out various malicious actions, such as stealing login credentials, keylogging, screenshots or even installing other variants of malware.
In addition, a peculiarity that makes Dridex even more dangerous is that it allows attackers to access compromised networks and carry out ransomware attacks. It is, as we know, a very important problem in the network through which attackers encrypt systems and devices and later demand a ransom in return.
The campaign takes advantage of Christmas and the increase in purchases
These types of campaigns often take advantage of the circumstances of the moment. As we have mentioned, on these dates it is very common to make online purchases and platforms such as Amazon are very popular. This makes it not strange to receive an email from that service with information about an order that we have made, an offer or, in this case, even a gift card.
They are based precisely on Christmas to have a greater chance of success. Users open the email and later download an attachment that is ultimately the malware.
These emails have a Word file attached with names like Amazon_gift_check, Amazon_Gift_Card, Amazon_Gift_Card… Once the victim opens this file, a message will appear indicating that they were created online and that they need to enable the content to read it correctly. It is at this time that malicious macros are run that download and install Dridex malware.
How to avoid falling victim to this problem
Luckily avoiding this type of attack is very simple. The most important thing is common sense . Simply by not opening these types of unknown and suspicious emails we can avoid problems. But even more so, we must avoid opening attachments of this type, since Amazon, or any similar platform, would never send us a Word file of this type so that we can open it and obtain a gift voucher.
Beyond this, it is also very important to always have security programs . A good antivirus can prevent the entry of malicious software that puts our privacy and the proper functioning of devices at risk.
In addition, another issue to take into account is to always update systems and equipment to the latest version. This way we can solve possible vulnerabilities that are present, but also achieve performance improvements. We leave you a tutorial on how to buy safely on the Internet.