Scammers Hijack Brands for the Holidays

While many people choose to spread good cheer during the holiday season, online gift shoppers can also count on cybercriminals spreading malware. They hope to prey on the stresses of last-minute holiday shopping and seek to distract consumers from being cautious with their personal information online. Bogus notices masquerading as email alerts from legitimate brands are one of the top malware distribution vectors making the rounds this holiday season, a new report shows.

One scam hijacked the DHL brand to send delivery attempt notifications from what purported to be DHL Express, according to an analysis of the 10 most prevalent threat detections made during November. The research was conducted by GFI Software, a security software company.

The legitimate-looking email notifications claimed that DHL had been unable to make a delivery to the victim's address and said that they needed to go to their local DHL office to present a postal receipt and claim their package.

When users attempted to print their receipt, they were redirected to a number of websites that infected their machines with a phony antivirus "ransomware" program. The bogus programs then blocked other applications from running, caused pop-ups and redirected victims to messages designed to scare them into purchasing the fake software.

A similar malware scheme hijacked the UPS brand for a series of bogus delivery notifications.

"Cybercriminals have a large pool of potential victims at this time of year as more and more people flock to online shops to buy holiday gifts and ship them with their favorite package delivery company," said Christopher Boyd, senior threat researcher at GFI Software. "No matter how crazy the season gets, users need to remember to practice the same good habits such as double-checking the source of email messages and confirming the destination of links before clicking."

Reach BusinessNewsDaily senior writer Ned Smith at Follow him on Twitter @nedbsmith.