Beware of Free Pizza (and Other No-Cost Cons)

You’ve heard it before: “There’s no such thing as a free lunch.”

Yet in recent weeks cybercrooks have tested that claim, with impressive success, in a new email campaign that promises a coupon for a free pizza allegedly sent by Pizza Hut.

Free pizzaDon’t bite. It’s the latest false freebie trick to install malware — in this case by clicking on a link to supposedly access a coupon for a free pie in celebration of the chain’s 55th anniversary. (It’s actually 58 years old.) What’s delivered instead is a specific type of virus known to infect and quickly spread among computers and Web servers to access email credentials and financial accounts or hijack computer data for ransom.

>> 10 Ways to Protect Yourself From Identity Theft

Although alert spam blockers tend to route this bogus Pizza Hut email to junk folders, it’s still being accessed by recipients at a rate four times higher than other recent massively distributed campaigns to spread malware, reports Andrew Conway of network protection firm Cloudmark Security, which uncovered this malware scam two weeks ago.

“Everybody wants to believe in free pizza,” Conway surmises as the reason for “seeing an unusually high number of people taking this email out of their spam folders.”

The smarter move: Be suspicious of free anything.

On search engines the keywords “free downloads” are most likely to lead users to malware-laden links. On Facebook some of the most popular scams falsely promise free merchandise like iPhones or other sought-after items. And expect more faux freebie offers by email, as they tend to increase during gift-giving season.

True, claims for a complimentary $7 pizza are certainly more believable than those promising usually expensive smartphones — and the Pizza Hut hoax was noticeably absent of the typos and Scammer Grammar found in other malware-loaded emails.

Before clicking on links that may harbor malware, follow these tips:

1. Without clicking, hover your computer mouse over the link. It should display a full website address that ends with the company name and .com or .org or words like “/coupon”). Don’t click on links ending with nonsensical characters, such as .cn.

2. If the URL doesn’t appear when you hover over a link, try this: Without clicking, copy and paste the email-provided link into a Microsoft Word document. Then right-click on the pasted link and select “Edit Hyperlink” from the menu that appears. This will open a pop-up window in Word that shows, in the “address” field, the Web address to which the link directs.

3. Compare the sender’s name and email address. With the Pizza Hut emails (and many others), they don’t match.

>> Get discounts on financial services with your AARP Member Advantages.

4. Ask yourself if you signed up to get email discounts from the sender. If not, assume that unsolicited correspondence or offers could be bogus.

5. Type — don’t link from emails — the address of recognized companies to authenticate offers. Legitimate freebie giveaways should be touted prominently.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up to date on the latest scams in your area.

Photo: Chepko Danil/Thinkstock

Also of Interest


See the AARP home page for deals, savings tips, trivia and more.

0 comments