With Cyber Monday fast approaching, online shoppers need to be wary of Holiday Cyber Scams, where hackers try to infect unsuspecting users with everything from banking malware, such as the ZeuS Banking Trojan; Ransomware, such as CryptoLocker (malware which encrypts your computer files, which are held for ransom until you pay hundreds of dollars for the decryption key); to spam bot malware.
The hackers spam out thousands of emails, often disguising their malware in bogus Holiday Coupons and Gift Cards for Popular Gift Items, Holiday Greeting Cards, Holiday Photos from Friends and Family, etc. Be on alert with all emails, even if you know the sender, as the attachments or links often don’t lead to the “deal of a lifetime” but to malware. Always contact the sender to ensure that they sent the email with the attachment or link. If you cannot contact the sender directly then avoid clicking on the attachment or link. For coupons and gift cards from specific retailers, go directly to the retail site for the coupon/gift card offers. Type the retailer’s website directly into your browser. Do not follow links provided by an email or pop-up ad, as these could be fraudulent sites made to look like the retail site. Enclosed is a list of “Security Tips” from Dell SecureWorks to protect Online Shoppers during the holiday season and beyond.
Security Tips for Online Shoppers
- Be wary of holiday gift cards, holiday coupon offers, holiday cards, photos, etc. sent via e-mail-these often have malicious links within the offer which lead to downloads of info-stealing Trojans or the hackers try to scam you out of your bank account information.
- When visiting your favorite online retailer to purchase gifts, be sure to type the actual Web site address of the retailer into your browser. Do not follow links provided by e-mail offers or pop up ads. Many times these are fraudulent sites made to look like the legitimate retail sites.
- When making online purchases, always use a credit card that limits your fraud liability. Avoid using debit cards to do online purchases when possible so as to limit your personal exposure to any possible fraudulent transactions.
- When making online purchases, always look at your Web browser for the HTTPS (as opposed to HTTP) protocol that proceeds a Web address. The “s” let’s you know that the Web site is providing a layer of security for transmitting your personal information over the Internet.
- Be wary of unsolicited e-mails, even from senders that you know, that include links or attachments. Before clicking on links or attachments, ALWAYS verify that the correspondent sent you the e-mail and enclosed link or attachment.
- Be especially cautious of clicking on links posted on social networking and micro blogging sites. Shortened URLs make it easier to share, tweet or email links but they also create a security threat, as it easy to disguise the destination of the malicious links.
- Ensure that your browser, browser plug-ins (such as document viewers, music and video players, rich content applications), anti-virus, and other software are patched and up-to-date. Patch management is key. It is critical that as soon as they become available you install updates for your applications and for your computer’s operating system.
- Computer users should use a computer dedicated only to doing their online banking and bill pay. That computer or virtualized desktop should not be used to send and receive emails or surf the web, since Web exploits and malicious email are two of the key malware infection vectors.
- Reconcile your banking statements on a regular basis with online banking and/or credit card activity to identify potential anomalous transactions that may indicate account takeover.
- Be cautious about installing software (especially software that is too good to be true – e.g., download accelerators, spyware removal tools), and be conscience about pop-ups from websites asking users to download/execute/or run otherwise privileged operations. Often this free software and these pop-ups have malware embedded.
- Be wary of e-mails notifying you that your banking certificate or token is out of date and to download a new certificate or token. Before taking any action, verify with your financial institution by calling them on a number that is not provided in the email.
- Online computer users should avoid using weak or default passwords for any online site.