Security vendor Sophos reports that malware developers are using the lure of a free $50 iTunes gift card to spread malware

Tomorrow is Black Friday–the official kick off of the holiday shopping frenzy here in the United States, and a day where every business in the world seems to run some sort of special deal to lure shoppers in. Malware developers are looking to get in on some of the Black Friday action as well.

The Sophos Naked Security blog reports that there are fake iTunes gift certificates being distributed via email which are actually malware-laden file attachments. The prospect of a free $50 to spend shopping on iTunes is a compelling deal for rabid Black Friday shoppers.

Given the economic malaise that continues to drag on around the world, it is easy to see why people might jump at this bait any time. When you mix it in with the avalanche of emails advertising Black Friday bargains, and the expectation that a few retailers will have awesome deals worth fighting for, it is even easier to understand why many might click on a file attachment that promises $50 to spend on iTunes.

I have paraphrased the basic guidance from Sophos–which was paraphrased from USA Today–to help you avoid suspicious or malicious Black Friday deals:

Protect Your Information

Legitimate businesses–at least reputable, respectable companies worthy of doing business with–will not ask you to share sensitive data via email, or with a link in an unsolicited email message. Any message that directs you to type your username, password, credit card or bank account numbers, Social Security number, or any other personal or sensitive information should be treated with suspicion.

Beware False Urgency

As long as there have been email spam and phishing scams, attackers have used urgency as a tactic to make people act. Think twice (or three or four times) before you click on any link or open any file attachment on an email message that implores you to act now.
Generally, this is nothing more than a ploy to get you to act quickly before your common sense kicks in.

Don’t Trust Everyone

Another common tactic as old as email spam is to have the spam or phishing message come from someone you know. It may be that someone you know has been infected, and a virus or worm has infiltrated their contacts to send out messages to everyone they know in order to propagate the threat, or it may just be a case of a spam or phishing message that has spoofed the “From” information of the message to make it appear as if it is from someone you know. Either way, if it seems weird or out of character, it probably is. Don’t click a link or open a file attachment that seems suspicious just because it appears to be from someone you know.

Enjoy your Thanksgiving. If you’re one of the dedicated, intrepid shoppers who will venture out for Black Friday bargains, have fun. Just don’t be in such a hurry to get a great deal that you let down your guard and end up compromising your PC.