The internet can be a dangerous place, and if you don’t have security software in place and are hopeful of someone giving you free money, you might get burned.

We’re not even sure we know what “free money” actually is, but that won’t stop the masses from expecting that someone might be doing the Monopoly thing and issuing a bank error in your favour.

That rarely happens, and it surely doesn’t happen online, yet that doesn’t stop people from believing fake emails sent out with viruses attached, many of which cite how much money you would be theoretically receiving so long as you open a document.

The document isn’t really a document, however, and will instead activate a macro that opens up a virus, infecting your machine while — as expected — not delivering you any of that free money you had hoped for.

fake-email-transfer-scam-2015-01

Right now, the activity for these emails is on the increase, with AVG’s Michael McKinnon telling GadgetGuy that “in recent weeks there has been a surge in the number of malicious emails circulating, with a number of variants containing attached Word document files.”

“In terms of the payload, these are almost always variants of trojan malware, some implicated in banking fraud operations, and also sometimes ransomware,” said McKinnon, Security Awareness Director at AVG Technologies.

“The distribution of malware these days often uses techniques that will attempt to identify the victim’s computer and specialise the malware infection to suit. For example, if the victim is a business they will get ransomware, but if the victim is a home user they might end up with a banking trojan or remote access malware.”

fake-email-transfer-scam-2015-04

What’s the difference between these?

Well, if you are that business owner or operator and you get ransomware, opening that expectation of free money will likely result in important files getting locked down and encrypted with a rather complicated key. The only way to unlock this vault to get at your files is to pay a ransom, hence the term “ransomware”.

Meanwhile, home users getting infected with banking trojans will find their details possibly accessed and bank accounts compromised as their information gets transferred to a random location, while remote access malware is similar to what those fake phone support scams aim for and allow a user to break into your computer from outside your home.

“It is important to acknowledge that there is not one type of malicious email,” said McKinnon, telling GadgetGuy that “they can appear to be invoices, receipts, shipping notifications and other business related items”.

“It is critical that people keep their wits about them, particularly in businesses where employees in finance and accounting roles are often in the habit of opening and processing hundreds of emails each day that contain attached files just like these,” he said. “It is very easy to be caught off guard, which is why you need the technology protecting you as well.”

Security solutions are obviously the best thing to have on your computer, but education is still key, so if you see one of these fake transfer emails, fake bank account emails, or anything else that looks too good to be true (and probably is), steer clear.

Three of the four or five emails we've received this week. They're all fake, and they all contain documents that will hurt us if we click on them. Don't do it, people.

Three of the four or five emails we’ve received this week. They’re all fake, and they all contain documents that will hurt us if we click on them. Don’t do it, people.