Beware of ‘Wrong Transaction’ Hotel Spam

If you get an email message telling you a hotel has erroneously charged your credit card account, be careful. The odds are that it’s part of a new spam campaign that could infect your computer.
The messages started popping up in recent days and there are already many variants of the same theme – a hotel wrongly charged a credit card number and the victim is supposed to fill out an attached form to process the refund.

As per the fraud mail : “Please see the attached form. You need to fill it out and contact your bank for return of funds” read one such message, titled “Hotel Breakers Palm Beach made wrong transaction.”

The ‘refund’ form is actually a malicious Trojan horse program. When it is executed a pop-up announces “Software Installed” and has an “OK” button within a couple of minutes. Clicking ‘OK’ causes a connection to “heftyhips.com” on IP 66.197.251.53. which installs a fake antivirus software on the victim’s computer.

There are probably many other such domains which cause the download to begin and install this rogueware as well.

Fake antivirus software is a major annoyance. It points out bogus security problems on a victim’s computer and keeps pestering them until they pay out money, usually between US$40 and $120, to buy the fraudulent antivirus product.

By using Quick Heal Total security, such fraudulent mails get tagged as spam and users stay protected.
Quick Heal also blocks the malicious domains, detects the malicious attachments and installed rogueware files as well.

Ranjeet Menon