Gift card from your friend? Beware spammed out malware attack

Graham Cluley
Graham Cluley @

 @grahamcluley.com
 / grahamcluley

Cybercriminals are attempting to infect email users by spamming out a malware attack, posing as a gift card from a friend.

SophosLabs has intercepted a malicious spam campaign that has hit inboxes around the world, with a Trojan horse attached as a .PIF file.

Gift card for you malicious email

Subject: GIFT-CARD FOR YOU [number]
Attached file: gift-card.pif

Sign up to our free newsletter.
Security news, advice, and tips.

Message body:
Hello! You Received GiftCard From your Friend,
Check it in Attached

With Best Regards,
Giftcard.com

Another version, with slight wording and typographical differences, reads:

Subject: GIFT-CARD From Your Friend [number]
Attached file: gift-card.pif

Message body:
Hi! You Received GiftCard From your Friend,

Check it in Attached
With Best Wishes,
giftCard.com

Many Windows users may not realise that just because a file has a .PIF extension doesn’t make it any less executable, or any less of a risk to their computer. Opening the file will infect unprotected Windows computers with the Troj/Agent-RNY Trojan horse.

The only defence for users is an up-to-date anti-virus product and a healthy skepticism about unsolicited emails which arrive out of the blue in their inbox.

Graham Cluley
Graham Cluley

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on LinkedIn, Bluesky and Mastodon, or drop him an email.

You may also like...

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.