When the holidays come around, many of us are busy with planning, gift buying and decorating, oftentimes forgetting to be diligent when accessing the web. Cyber criminals are well aware of this and are getting sneakier and changing tactics – moving from malicious attachments to “watering hole” style attacks that lure victims to a trusted (but compromised) URL destination.
During this time of year, people make more online transactions than usual, so it’s essential to be extra careful when sending financial and/or personal information, even to sources you think are reputable. Having a website save your details, or registering with it, may seem to save time, but think about how many new ways you are opening yourself up to having those details stolen should those sources become compromised by attackers. Not taking these steps to protect yourself could turn a morning of building your sweet new Lego Millennium Falcon into months of picking up the pieces of your now-stolen identity.
In this slideshow, AlienVault has identified common phishing traps users should avoid.
‘Tis the Season for Phishing
Click through for tips on how to avoid phishing email scams, provided by AlienVault.
If in doubt, don’t open the email attachment
Go to the website from your browser and look for the promotion. Unless the website has been hijacked, which the business hopefully notices soon, this is the safer route. While not perfect, going directly to a website is preferable to clicking on links in emails.
This may seem obvious, but your best defense is to pay attention when surfing the web. This includes knowing what sites you are accessing, who you are giving your personal information to, and what files you are opening.
If you get an email from your bank, doctor, house/auto lender, etc. that asks you to supply personal information, take steps to verify the origin of the email. Contact the purported sender directly (don’t click on the ‘customer support’ link as it may redirect you to a malicious site) and see if they actually sent out that email. Doctors’ offices, banks, and other financial institutions are actually pretty good about not sending or soliciting information over email so, chances are, someone is trying to take you for a ride.
Double Check URLs
Is there a link in the email that the sender wants you to click? Read the URL a couple of times and make sure you are going to paypal.com and not peypal.com. You can also hover over the link, or right-click and copy/paste the URL into a text file, to make sure that the “link” isn’t just a text label disguised as the URL. If the link uses a URL shortening service, such as bitly, use extra caution.
Watch Shipping and Delivery Notices
While today’s malware and antivirus scanners can usually catch the majority of malicious executables, it’s really easy to alter the makeup of an existing file to the point where it can evade detection. Over the busy shopping period, you will probably get an array of “delivery” or “shipping” notices as normal. One technique attackers use is to disguise malicious attachments as these notices. Most online retailers will send these notices in the body of the email, so think carefully before opening an attachment.