A new attack for Windows users comes to your email inbox in the guise of a $50 iTunes Gift Certificate. The only real payout, however, is malware that infects your Windows computer.
Purporting to come from “iTunes Online Store”, the malware comes as a ZIP file attachment to the message. Opening the ZIP file and running the code within may infect your computer with Troj/BredoZp-AM or Mal/FakeAV-BW according to Graham Cluley of security software maker, Sophos.
If you receive this e-mail, or any like it (different dollar amounts, etc), do not open the file attachments!
But How Can You Tell It’s Fake?
As with so many other attempts to infect your Windows system, there are clues to the e-mail’s fraudulent nature:
1) The e-mail as discovered by Sophos claims to be from software@itunes.com – an invalid address.
2) Genuine Apple iTunes Gift Certificates will include a Certificate Code to be redeemed within iTunes and will NOT be sent as a file attachment.
3) Genuine certificates will usually contain the name of the sender as well as a personal message.
Below is an example of a genuine e-mail certificate from the following Apple support article: http://support.apple.com/kb/HT2736
What About Other Attacks?
This latest attack is just one of many that claim to be from a well-known company or service. In just about all legitimate cases, you’ll rarely receive an e-mail attachment as part of the “offer”. If you ever have any doubts over the validity of an e-mailed offer, a quick phone call to the company in question should clear things up.
For more information about this particular attack, read the Sophos blog entry here: Danger! Fake $50 iTunes certificate carries malware