Let's say you've just returned home from a trip to the beach when you're jolted back to reality by an unexpected email from a funeral home offering condolences on the death of a friend.
The message tells you to click on a link for information on the upcoming "celebration of your friend's life service."
"Who died?" you wonder, as you cringe and click.
The good news is a friend hasn't passed. The bad news? You've just infected your computer with malware.
In what the Federal Trade Commission is calling a new low in phishing scams, crooks have been trying to trick people into clicking on malicious links in emails by making them think a loved one has died.
The emails use names, addresses and logos from real funeral homes, but so far don't appear to have been personalized with the names of actual people who have passed away, said Nathaniel Wood, assistant director of consumer and business education with the FTC's Bureau of Consumer Protection.
"The scammers probably are sending millions of emails [at random] just hoping someone will click on the link," he said.
Mr. Wood said the FTC wasn't sure when the fake funeral notices first went out, but he said complaints about them have spiked in the last few weeks.
He called the ploy "despicable" but not surprising. "Unfortunately, scammers are always looking for new ways to get people to open their emails and click on links. But this one is pretty rotten."
Malware can be used to control a computer, forcing it to send spam emails or become part of a "botnet," which is a network of computers hijacked to perform tasks such as an attack on other computers, Mr. Wood said. The malware also could be collecting personal information, such as Social Security numbers, credit card numbers or tax information.
People may fall for the bogus funeral notices because they've been wondering about a friend who has been ill, or sometimes just because they are curious, Mr. Wood said.
"This is a situation where curiosity can kill your computer."
To avoid becoming a victim, don't click on any links in unsolicited emails, he said.
Anyone who suspects they've clicked on a malicious link should immediately run their security software to try to detect and delete any malware, he said.
Mr. Wood suspects a substantial number of people have been victimized by the fake funeral scheme. "The business model is to send out a lot of emails and even if a small percentage of people open them, they still are able to get their malware on a lot of machines."
For information on protecting against malware, visit www.consumer.ftc.gov.
Patricia Sabatini: firstname.lastname@example.org or 412-263-3066.