It’s time for your vacation and you’re excited – you’ve planned a cruise and it’s going to be great! Now you have an email that contains important documents that you need to review and carry with you on your trip.
Not so fast.
The Barracuda Labs spam honeypots have picked up a run of spam impersonating emails from the Royal Caribbean International cruise company.
The email is well written, looks official and is part of a trend towards impersonation of “expected” email: messages that don’t arouse suspicion because of some pre-existing relationship with a business. In this case the spam might be quickly opened since at least some computer users are (or wish they were) booking a cruise. Unfortunately, as is so often the case with unsolicited email, the payload is a virus that lurks in the background and steals online credentials.
The spammers use an old-school trick to disguise that payload. In the email they specifically present the contents as a Portable Document Format (PDF) file, usually opened by Adobe Reader, and if you open the .zip file you’ll see what you think is a .pdf file.
The thing is, Microsoft Windows does not usually display file extensions, so this file only ‘appears’ to be a .pdf file, and spammers know that. You can change the default Windows folder display settings so that file extensions are shown.
Once those settings are changed you can see what is really going on.
The file actually carries an .exe extension. It’s really a program posing as a .pdf file.
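The same check can be done on the attachment itself, without opening anything in it. The Python code below is an added example, not part of the original post: it lists the members of a zip attachment that are really executables and reports the name a user would see with extensions hidden. The sample archive, its file names and the two extension lists are constructed assumptions.

```python
import io
import zipfile

# Assumption of this example: a short, non-exhaustive list of extensions Windows runs on double-click.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
# Assumption: document types a lure commonly claims to be.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}


def split_name(member):
    """Return (name shown when Windows hides known extensions, real extension)."""
    base = member.replace("\\", "/").rsplit("/", 1)[-1]
    shown, dot, ext = base.rpartition(".")
    if not dot or not shown:  # no extension at all, so nothing is hidden
        return base, ""
    return shown, ext.strip().lower()


def audit_zip(data):
    """List archive members that are executables, noting any document disguise."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            shown, ext = split_name(info.filename)
            try:
                with zf.open(info) as fh:  # read only the header, never the whole member
                    is_pe = fh.read(2) == b"MZ"  # DOS/PE executable magic
            except (RuntimeError, NotImplementedError):  # encrypted or unsupported member
                is_pe = False
            if ext in EXECUTABLE_EXTS or is_pe:
                stem, dot, inner = shown.rstrip().rpartition(".")
                findings.append({"member": info.filename, "shown_as": shown,
                                 "real_ext": ext, "pe_header": is_pe,
                                 "disguised": dot == "." and inner.lower() in DECOY_EXTS})
    return findings


def build_sample():
    """Constructed sample archive with harmless bytes, laid out like the lure."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Cruise_Documents.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("itinerary.pdf", b"%PDF-1.4\n")
    return buf.getvalue()
```

A member is reported when either its real extension or its first two bytes mark it as a program, so an executable is still caught if it has been renamed to a document extension.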
The lesson here is that even emails that look plausible on the surface need to be treated very carefully. Spammers have a huge bag of tricks they use to worm their way onto your computer. Don’t open unsolicited emails, and in the case of emails that might be legitimate, double-check with the named companies to confirm the message is legitimate before opening anything.