Let's say you've just returned home from a trip to the beach when you're jolted back to reality by an unexpected e-mail from a funeral home offering condolences on the death of a friend.
The message tells you to click on a link for information on the upcoming "celebration of your friend's life." "Who died?" you wonder, as you cringe and click.
The good news is a friend hasn't died. The bad news? You've just infected your computer with malware.
In what the Federal Trade Commission is calling a new low in phishing scams, crooks have been trying to trick people into clicking on malicious links in e-mails that use names, addresses and logos from real funeral homes.
"The scammers probably are sending millions of e-mails [at random], just hoping someone will click on the link," said Nathaniel Wood, assistant director of consumer and business education with the FTC's Bureau of Consumer Protection.
Wood said the FTC wasn't sure when the fake funeral notices first went out but said complaints about them have spiked in the past few weeks.
He called the ploy despicable but not surprising. "Unfortunately, scammers are always looking for new ways to get people to open their e-mails and click on links. But this one is pretty rotten."
People may fall for the bogus funeral notices because they've been wondering about a friend who has been ill, or sometimes just because they are curious, Wood said.
"This is a situation where curiosity can kill your computer."
Anyone who suspects they've clicked on a malicious link should immediately run their security software to try to detect and delete any malware, he said.
Wood suspects a substantial number of people have been victimized by the fake funeral scheme. "The business model is to send out a lot of e-mails and even if a small percentage of people open them, they still are able to get their malware on a lot of machines."