“We have hijacked your baby,” reads the subject line of the e-mail that began flooding inboxes in September.
Most recipients probably laughed it off, knowing their children were not in the hands of cyberkidnappers, especially ones with such poor English: “You must pay once to us $50,000,” the e-mail read. “The details we will send later.”
To some people, however, the message was anything but funny. “We were immediately notified after citizens who received this e-mail called the school to check on the welfare of their child,” says Cmdr. Dave Hoffman of the Naperville, Ill., Police Department, who quickly issued a warning about this hoax.
But the reaction that the scammers sought was curiosity. The bait was this poorly written but enticing closing line: “We has attached photo of your fume [family].”
Those who clicked on the attachment unleashed a computer virus designed to steal the user’s passwords and gain access to online bank accounts and other personal information.
Other examples of malicious spam include e-mails with attachments claiming to be airline ticket confirmations, invoices or online banking forms from newly merged banks. In each case, clicking on the attachment launches a computer virus that captures personal information stored on your computer, then relays it to a sender who’s out to commit identity theft. The sender is often a cybercriminal in another country, experts say.
The e-mails can also conceal viruses as attachments to jokes, online greeting cards and “news” alerts claiming to be from CNN and other legitimate organizations. One had “Obama win” in the subject line and a return address of firstname.lastname@example.org, according to Sophos, a computer security firm. Such viruses not only can steal your identity, they can destroy your computer. Last year, malicious spam cost U.S. consumers some $7 billion and forced 850,000 Americans to replace their computers.
In recent months, the problem has burgeoned. Sophos found that one in every 416 e-mails sent from July to September contained an attachment designed to infect the recipient’s computer. That’s eight times as many as in the previous three-month period, according to the company.
For Mac computer owners, opening one of those poisonous messages may do no more than slow down your system. But if you have a PC, there can be real trouble.
“Organized criminals are causing havoc for Windows users in the hunt for cold hard cash,” Sophos official Graham Cluley said in a press statement. “Too many people are clicking without thinking—exposing themselves to hackers who are hell-bent on gaining access to confidential information and raiding bank accounts.”
His advice: “Never open unsolicited attachments, however tempting they may appear.” Instead, delete, without opening, any unsolicited e-mail or forward it to the FBI’s Internet Crime Complaint Center.
You can also help ensure that your computer isn’t infected by running antivirus scanning software at least once a week.
Sid Kirchheimer is the author of Scam-Proof Your Life, published by AARP Books/Sterling.