An ugly new email virus scam masquerading as a delivery notice could foul up your finances this Christmas season.
I've been alerted by security firm Dell Secureworks that there's a Zeus banking Trojan making the rounds disguised as a very legitimate looking FedEx shipping confirmation. (See photo.)
I have a FedEx account and I've seen the legitimate package tracking confirmations before…and I can tell you this does *not* look one stitch different than the real thing.
If you click on the link in this email, the Zeus is promptly loaded onto your computer or your smartphone. And then…nothing happens. You forget all about it while the Trojan sits there lurking and capturing your every keystroke to get your username and password for sensitive financial accounts.
The takeaway here is simple: Do not click on any link in any email you were not expecting. If there's a question and you think there's a legitimate message or notification intended for you, go directly to the official website of whatever business it is and check for any notifications there.
Meanwhile, if you're looking for mobile security, try a freemium service called MyLookout.com that offers protection for smart phones running Android, Blackberry, or Windows. And don't forget antivirus on your computer at home too. Check out my list of free options for virus, spyware, and malware protection by searching keyword "virus protection" on ClarkHoward.com.
Dell Secureworks reports that in addition to the fake FedEx shipping confirmation, other subject lines are being used by scammers right now. Here's a quick look at what to avoid if it shows up in your inbox:
- "You have a New encrypted message from your bank"
- "USPS is notifying you that your package is available for pickup"
- "You have received your payroll invoice"
- "Your FED TAX payment was rejected"
- "Advisors Online Documents Activated"
- "Transaction notification from your bank"
- "Docusign To all Employees - Confidential Message"
- "INCOMING FAX REPORT"