Fake Pizza Hut Anniversary Email Won’t Give You Free Pizza, Just Malware

An email supposedly from  Pizza Hut actually contains malware.

This e-mail that didn’t come from Pizza Hut (in spite of the half-baked attempt to make it look that way) contains malware that will give you more than indigestion.

Emails for free pizza might be few and far between, so when one shows up in your inbox you might be tempted to ditch those dinner plans for a few cheesy slices. But even the promise of free pizzas can be too good to be true, that was certainly the case this week when an email purported to be from Pizza Hut didn’t end in free pizza, but dangerous malware.

MainStreet reports the email claimed to offer consumers a free personal pan pizza in celebration of Pizza Hut’s 55th anniversary (despite the fact that the chain is actually 58 years old) was really a ploy to entice consumers into downloading a virus.

By clicking on the email’s “Get Free Pizza Coupon” consumers unleashed a dangerous file containing Trojan malware that can infect computers, workstations and web servers.

Officials with data and network security provider Cloudmark Security, which detected the scam last week, says that the ploy proved successful because it used consumers’ love of pizza against them, instead of the typical invoices used to spread malware.

“Everybody wants to believe in free pizza,” Andrew Conway, an employee with Cloudmark wrote in a blog post. “We are seeing an unusually high number of people taking this email out of their spam folders. Users are more than four times more likely to take this out of their spam folder than the largest recent malware spam campaign which claimed to be a notice to appear in court.”

While the email’s topic appealed to consumers, its vehicle left much to be desired in terms of imitating the pizza giant.

In fact, the email appears to be quite simple, a plain red background accented with yellow type. The offer lacks Pizza Hut’s actual logo, instead simply writing the company’s name in what appears to be comic sans.

Still, according to MainStreet, the scam evaded one hallmark of other scams: typos.

Conway says no matter how grammatically correct or appealing an email may be its best not to click on links in unsolicited emails, especially if it lands in your span folder.

“This botnet has been around since 2008,” Andrew Conway on the Cloudmark Security says in a blog. “It goes through sudden bursts of growth from time to time, and then cuts back in size, perhaps to avoid countermeasures from the security community.”

The particular botnet included in the imitation Pizza Hut email has been known to install other programs on consumers computer in attempts to gain access to email credentials, tap bank accounts or hold computer data for ransom.

Consumers who downloaded the file, but haven’t opened it could be in the clear if they simply delete the file. If the file has been opened, MainStreet suggests running an anti-virus program to remove the infection.

What You Don’t See: This Free Pizza Could Be Contaminated with a Virus [MainStreet]

[via OnGuardOnline.gov]

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.