PandaLabs, Panda Security’s anti-malware laboratory, warns users of a new email scam campaign that may compromise their security. As the global financial crisis continues, cyber-criminals redouble their efforts to get at people’s money using any tools available to them.
The latest scam takes advantage of email. Criminals gain access to the victim’s email account and send a message to every person in their contact list to extort money from them.
The message subject is “Muy Urgente” (“Very Urgent”) and always comes from a sender who has the victim in their email contacts. The message text explains that the sender is on vacation and has had their purse stolen with their credit cards and airline ticket inside, and needs money to get home. However, if the recipient falls for the scam and transfers the money as indicated in the email they will be contributing to filling the cyber-crook’s bank account.
“There are many variations of this type of scam. In this particular case, the message has been circulating the Internet for months now and is beginning to fade away,” said Luis Corrons, Technical Director of PandaLabs.
These fraudulent messages allow cyber-criminals not only to profit from victims, but also harvest addresses from personal and organization email accounts.
“One of the major problems victims of this type of attack face is the fact that the first thing cyber-criminals do is change the account’s password, preventing its legitimate owner from accessing it”, explained Corrons. “The problem can get even worse as many users use the same password for their Facebook or Twitter accounts, allowing cyber-criminal to control them and impersonate the victim”.
PandaLabs advises users to always use their common sense to avoid falling victim to this type of attack. In addition, consumers should have an effective security solution installed, or make use of free malware scanners like “Be wary of messages with these characteristics. Should you receive one, contact the sender directly by telephone, for example, and make sure the message is genuine” , said Corrons.