Fake Apple invoices are appearing in inboxes, and the links they carry lead to malware: a Blackhole exploit kit and a Trojan designed to log keystrokes and ultimately compromise users' bank accounts.
The multi-pronged approach was discovered by Sophos researcher Chester Wisniewski, who reported it on the Naked Security blog.
The online criminals who circulated the fake invoices are using a form of social engineering where users think they are being billed for an expensive product they never bought.
In Wisniewski's case, he received an invoice telling him he had ordered and paid for goods valued at US$699.
If a user clicks on any of the links contained in the email, they are taken to a page claiming to be from the IRS that tells them their browser is unsupported – a typical Blackhole exploit trick – and offers a range of browser options.
As the page is displayed, your computer gets infected with the Zeus/Zbot Trojan.
If you click on any of the browser options, a file labelled update.exe is downloaded.
If the user opens the file, their computer is infected with the Trojan, which is designed to record keystrokes and ultimately give criminals the information they need to access the victim's bank account online.
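The warning signs in the chain described above (a brand named in an invoice lure whose links point somewhere else, anchor text that disagrees with the real link target, and a direct link to an executable such as update.exe) can be surfaced by a simple mail-filter heuristic. The code below is an added example, not Sophos code or anything from the original report; the brand-to-domain table, the sample message and all hostnames in it are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brands that commonly appear in fake-invoice lures, mapped to the registrable
# domains a genuine message from them would link to (assumed for this example).
BRAND_DOMAINS = {"apple": {"apple.com"}, "irs": {"irs.gov"}}
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".bat", ".js", ".jar")


class _LinkExtractor(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(url):
    """Crude last-two-labels domain; good enough for the mismatch check here."""
    host = (urlparse(url).hostname or "").lower()
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def flag_invoice_lure(subject, html_body):
    """Return sorted flags describing why a message looks like an invoice lure."""
    text = (subject + " " + re.sub(r"<[^>]+>", " ", html_body)).lower()
    parser = _LinkExtractor()
    parser.feed(html_body)
    flags = set()
    # Brands the message claims to come from (whole-word match only).
    claimed = [b for b in BRAND_DOMAINS if re.search(rf"\b{b}\b", text)]
    for href, anchor in parser.links:
        dom = registrable_domain(href)
        for brand in claimed:
            if dom and dom not in BRAND_DOMAINS[brand]:
                flags.add(f"brand_domain_mismatch:{brand}:{dom}")
        if urlparse(href).path.lower().endswith(EXECUTABLE_SUFFIXES):
            flags.add(f"executable_download:{href}")
        # Anchor text that looks like a URL but resolves to a different domain.
        if "." in anchor:
            anchor_dom = registrable_domain(anchor if "://" in anchor else "http://" + anchor)
            if anchor_dom and anchor_dom != dom:
                flags.add(f"anchor_href_mismatch:{anchor_dom}->{dom}")
    # A charge for an order the reader did not place, combined with bad links,
    # is the social-engineering pattern this lure relies on.
    if flags and re.search(r"(invoice|receipt|order).{0,40}(us)?\$\s?\d", text, re.S):
        flags.add("invoice_lure_with_suspicious_links")
    return sorted(flags)


# Constructed sample resembling the lure described in the article.
SAMPLE_SUBJECT = "Your receipt from Apple - Order W123456"
SAMPLE_BODY = """<p>Thank you for your order. Total: US$699.00</p>
<p>If you did not place this order, <a href="http://invoice-review.example/verify">view your invoice</a>.</p>
<p><a href="http://invoice-review.example/update.exe">www.apple.com/support</a></p>"""

if __name__ == "__main__":
    for flag in flag_invoice_lure(SAMPLE_SUBJECT, SAMPLE_BODY):
        print(flag)
```

The heuristic deliberately flags the combination rather than any single signal: a legitimate receipt that links back to the sender's own domain produces no flags, while a message that names a brand, quotes a charge and links to an unrelated host or an executable lights up every check.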
Expect increased cyber-criminal activity during the Christmas period
“It is always a bad idea to click links that appear in our inboxes, but we may be more likely to do so when we think we are being charged for an illegitimate transaction,” Wisniewski explains.
“Don’t do it. Like anything else, always be suspicious of things that come to you and use a trusted external method of verification. Go to the website of the company in question, call the number on the back of your card or billing statement.
“This is especially important advice at this time of year, as we typically see increased criminal activity during the Christmas season. Be on your guard,” Wisniewski warned.