The goal is to steal credit card data by tricking people into applying for a non-existent update and offering a free gift. Clicking on the link takes the victim to a professional-looking site pushing fake software. Clicking on the download link then takes the user to a completely different site that asks for personal details.
In a blog post, Symantec Hosted Services malware data analyst Mathew Nisbet reminds users:
Any unsolicited email received from an unknown source should be treated as highly suspicious, especially one that requires visiting an external page by clicking a link.