There's a good chance you didn't win a $200 Apple Store Gift Card, but if you clicked the link or attachment in the "winner" email, you probably will claim a nasty piece of malware.
“Dear client! You got our $200 Apple Store Gift Card,” the message, crafted to look like a legitimate email from Apple, reads. “Please click the link or look at the attachment to obtain the Apple Store Gift Card code.”
Victims that follow the dubious instructions will instead download malware that steals data from their computer. A MacRumors report indicates the malware only compromises Windows-based machines.
The piece of spam currently making the rounds came on the radar of security researchers at Webroot, who detailed the nature of the campaign in a post.
“What's particularly interesting about this campaign is that the cybercriminal(s) behind it are mixing the infection vectors by relying on both a malicious attachment and a link to the same malware found in the malicious emails. Users can become infected by either executing the attachment or by clicking on the client-side exploits serving link found in the emails,” cyber crime researcher Dancho Danchev wrote in the post.
Email phishing, spamming and scamming has been around for years, but lately attackers have become increasingly creative with their campaigns. SCMagazine.com reported in July of a nifty ransomware scam targeting Apple Safari users and reported one week later of a 21-year-old Virginia man who fell for it hard.