Happy Easter Amazon Gift Card? Claim Your Costco Gift Card
If someone greeted you with “Happy Easter” we imagine a look on your face that might say “what planet is this person from?” We don’t think you would smile warmly and reply “Happy Easter to you too!” And yet, one of our readers contacted us to say “I just clicked on an egg, should I be concerned?” HELL YES! This fellow received a bizarre email last week saying “Happy Easter. Celebrate with us. Get your $1000 Amazon gift card” and he clicked the link. As his browser was headed off to the malware selection of the day, he had second thoughts and quickly closed his window. Then he returned to the email and (dare we say it) clicked the Unsubscribe button. He told us that he saw an image of a face and immediately shut that window down as well. NEVER CLICK “Unsubscribe” IN SUSPICIOUS, SPAMMY, SCAMMY EMAILS! These links are just as malicious as the rest of the email!
Though this email was about an “amazon gift-card” it came from a domain used by Royal Caribbean Marketing, or so it seemed. Here’s what we discovered about this “chance to win”...
1. We used 4 different online tools to evaluate the destination of the links in the email and found no malware. HOWEVER, these tools are not always reliable. Some malware contains unique “zero-day exploits” and may be undetectable for days or weeks by online services. Or, as we suspect, the link forwards the visitor to other links that are malicious.
2. We were unable to determine the exact destination of the links in the email. But Screenshot Machine visited the destination and landed on Google's search engine. That's not a good sign. The link clearly doesn't show that it leads directly to Google and the content of the email suggests otherwise. This tells us that another website was visited and then there was a redirect to Google. That's common practice by cybercriminals.
3. The email claims to be about Easter and an Amazon gift card. Easter is months away and NOTHING in the links points or redirects to Amazon at all. That's a bad sign.
4. The email came from a Royal Caribbean Marketing company. That has nothing to do with the content of the email or Amazon. Bad sign again.
Based on these points, we STRONGLY suspect that this email leads to a malware infection. But wait, we also told him that there may be some good news in these dark clouds...
a) He quit quickly after he clicked.
b) This happened, he said, on his iPhone. Malware threatening an iPhone's iOS is rare, especially if one doesn’t “jailbreak” the iPhone and ONLY installs software from Apple’s App Store. (In 2019, Android phones had the most malware threats targeting them, according to researchers at Check Point and reported in this ZDNet.com article. TDS does NOT recommend jailbreaking any phone!)
Having said this to Mr. Egg-clicker, we also told him it was prudent to install and run some quality antivirus software designed for the iPhone. We also recommended that he clear his Safari and/or Google browser's cache on his phone to remove any possible threats still lingering in his browser cookies. Finally, we told him to be hyper-aware of any more unusual emails or activities on his iPhone. And, as predicted, two days later he received this NEARLY IDENTICAL email again! But this time, it came from the domain eLifeThings[.]com.
A big fat delete!
Clickbait gift cards have LOOOOONG been the staple of cybercriminals. It’s so tempting if we believe that some big name store has sent us free money! But they are all lies and easy to see through if we look closely enough. Take this opportunity to “Win a $100 Costo Gift Card.” The email didn’t come from Costco and the links don’t point back to Costco.com. This email came from RewardForYou[.]info, a domain that was registered anonymously in early August and is now hosted on a server in London, England. The link for “Enter to Win!” points to a domain, webUSemail[.]co, that was registered in July. Step away from this precipice! When we safely visited this malicious link through a proxy, we arrived at a web page saying we were on an old version of Chrome and asking us to “Reinstall Chrome to Stay Secure.” That’s just more malicious social engineering!
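The two checks we keep repeating (did the email come from the brand it names, and do its links point back to that brand?) can be automated. The sketch below is an added example, not a tool we used for this article; the brand-to-domain map, the function names and the `.example` domains in the sample message are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: illustrative map of brand name -> domain the brand really uses.
BRAND_DOMAINS = {"amazon": "amazon.com", "costco": "costco.com"}

class LinkCollector(HTMLParser):
    """Collect the host of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = set()
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        host = urlsplit(href).hostname if href else None
        if host:
            self.hosts.add(host.lower())

def belongs_to(host, domain):
    # Exact match or a true subdomain; "costco.com.evil.example" must fail.
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = msg.get_payload()
    collector = LinkCollector()
    collector.feed(body)
    text = (msg.get("Subject", "") + " " + body).lower()
    findings = []
    for brand, domain in BRAND_DOMAINS.items():
        if brand not in text:
            continue  # the message never mentions this brand
        if not belongs_to(sender, domain):
            findings.append(f"{brand}: sender domain {sender} is not {domain}")
        for host in sorted(collector.hosts):
            if not belongs_to(host, domain):
                findings.append(f"{brand}: link host {host} is not {domain}")
    return findings

# Constructed sample modelled on the Costco lure; .example domains are placeholders.
SAMPLE = """From: Costco Rewards <promo@rewards-promo.example>
Subject: Win a $100 Costco Gift Card
Content-Type: text/html

<html><body><a href="http://enter-to-win.example/go">Enter to Win!</a>
<a href="http://enter-to-win.example/unsub">Unsubscribe</a></body></html>
"""
```

Calling `check_message(SAMPLE)` returns two findings, one for the sender domain and one for the link host, and the Unsubscribe link is flagged by the same host check as the "Enter to Win!" link.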