The holidays were pretty unusual for a lot of people this year. Most gatherings were small — if they happened at all — and some families weren’t able to get together due to the pandemic.
That socially distant holiday theme led to lots of gifts being sent via USPS or other methods. Tap or click here to find out how to sanitize your deliveries the right way.
There were also a ton of gift cards sent out to family and friends. You may have even been on the receiving end of a few e-gifts this year. If you’ve received gift card notifications in your inbox, you need to be aware of a new scam that’s going around. Otherwise, you could end up being a victim of fraud. Here’s what you need to know.
The new gift card scam
For the last month or so, the Cybereason Nocturnus Team has been tracking cybercrime campaigns related to the holiday season. Tons of different scams have been identified by watchdog groups since the start of the pandemic. Now there’s another scam to worry about.
This scam capitalizes on the uptick in online shopping that has occurred since the start of the pandemic. It uses a fake Amazon gift card to deliver the Dridex banking Trojan, which can infect devices and leave victims vulnerable to being hacked.
The new campaign targets users across Europe and the U.S. by sending spoofed emails to hundreds of thousands of inboxes. The emails are surprisingly deceptive due to the information’s official appearance and indicate that the recipient has been given a free $100 Amazon gift card.
The email includes an order number for the fake gift card, along with Amazon’s branding, and states, “We are delighted to enclose a $100 Amazon gift card as our way of saying Thank You.”
If the email is opened and the link is clicked on, it will automatically download malicious documents to the computer. This includes a Microsoft Word document and screensaver files that infect your device with the Dridex banking Trojan.
If that happens, it can cause massive issues. Dridex is one of the most notorious banking Trojans around. It steals electronic banking credentials and other sensitive information via methods that are hard to detect and remove from your device.
Dridex is commonly delivered via phishing emails like these that contain Microsoft Office documents with malicious macros. Many people know to keep an eye out for these types of attachments in their email, but the problem is that this one is a little trickier to spot.
To make sure victims aren’t suspicious of the automatic downloads with this particular scam, they’re redirected to the official Amazon page, which helps the scam appear like a credible giveaway. That makes it pretty difficult to decipher a real gift card email from the fake ones — especially when you add in the official-looking email and branding.
How to avoid Amazon gift card scams
Due to the emails’ official appearance and the tricky way the download link redirects to Amazon.com, it can be tough to spot these scam emails in the sea of gift cards in your inbox. One of the easiest ways to protect yourself is to use common sense.
If the offer appears too good to be true, it probably is. You will rarely receive an unsolicited “gift” from a company like Amazon, so if you receive an email stating that you have, you should go directly to Amazon customer service to verify. Do not click on any links in the email — verify that it’s a real email first. Tap or click here to find out how to safely contact Amazon.
If the email states it’s from a friend or family member, be sure to confirm directly with them before clicking on links in the email. If they didn’t send you a gift card, do not click the link in the email.
You should also check the email address to see if it’s a spoofed company name. Look for typos or unusual characters in the email address. The scam email may contain grammar or punctuation issues that you wouldn’t expect from a large corporation.
If you click a link and are asked to enter personal information or enable macros, do not do it. If you enable macros, you will allow malicious code to run on your machine, and you do not want that. It puts your banking and personal information at risk. Delete the email and run reputable antivirus software on your device instead.