Don’t easily believe the sensational and shocking news that spread through email. Chances are, aside from the false news, those email messages may also infect your PCs with malware, without you being aware of it.
If you have recently received an email with a subject headlining Colombian singer-performer Shakira’s death, don’t try to open it. According to the experts, the news is a hoax. Shakira is still alive and kicking. She has never been recently involved in any form of accident, like what the false news claims.
The email about the Latin American singer’s supposed death comes as the latest twist to an already old scam, which victimizes clueless Internet users who end up contracting data-stealing malware into their PCs. This has become an old trick that aim to lure unsuspecting victims through using false, shocking news about popular celebrities.
Spam mail in Spanish
The spam email comes in Spanish language. Aside from the false news about Shakira, its call to action is to open and read an attached Word document that supposedly contains more information, including photos, about the supposed fatal accident. Of course, that file attachment contains the malicious macro.
It is not surprising that the scammers chose to use Shakira. Just last July, the singer set a new world record after she emerged as the first person ever to reach 100 million likes on Facebook. The scammers may be aiming to victimize most of those followers. The use of the language also indicates that the scam is targeting a specific market segment.
Again, when the recipient of the email clicks on the file attachment in the malicious email, a message will instantly pop up providing more instructions on how to delete or remove security settings when using Microsoft Word. The malware would also do its work and immediately function to infect the PC.
What makes it more dangerous is that once the PC is infected, the malicious macro will try to download and install more malware into the PC from a specific site. The main malware involved is the one that attempts to steal security and persona information of users for scamming purposes.