In the last month, SecureWorks' Counter Threat UnitTM (CTU) has seen a general increase in malicious email campaigns trying to infect online users with the Zeus Trojan (one of the most pervasive financial-credential stealing Trojan) on the market. In the last three weeks, the CTU has also monitored a large increase in the number of email lists being sold on the underground hacker forums, coinciding with the start of the holiday shopping season.
Online shopping always increases during the holidays and with this comes more criminal activity so consumers need to ensure that they take precautions, whenever they are making online purchases. The CTU expects to see an array of scams including those involving fake holiday gift cards, coupons, electronic greeting cards, etc. Shoppers need to be on the lookout for any type of suspicious email or online offer.
Security Tips from the Counter Threat Unit for Online Shoppers
- Be wary of holiday gift cards and holiday coupon offers sent via e-mail-these often have malicious links within the offer which lead to downloads of info-stealing trojans or the hackers try to scam you out of your bank account information.
- When visiting your favorite online retailer to purchase gifts, be sure to type the actual Web site address of the retailer into your browser. Do not follow links provided by e-mail offers or pop up ads. Many times these are fraudulent sites made to look like the legitimate retail sites.
- When making online purchases, always use a credit card that limits your fraud liability. Avoid using debit cards to do online purchases when possible so as to limit your personal exposure to any possible fraudulent transactions.
- When making online purchases, always look at your Web browser for the https (as opposed to http) protocol that proceeds a Web address. The "s" let's you know that the Web site is providing a layer of security for transmitting your personal information over the Internet.
- Be wary of unsolicited e-mails, even from senders that you know, that include links or attachments. Before clicking on links or attachments, ALWAYS verify that the correspondent sent you the e-mail and enclosed link or attachment.
- Be wary of e-mails notifying you that your banking certificate or token is out of date and to download a new certificate or token. Before taking any action, verify with your financial institution by calling them on a number that is not provided in the email.
- Online computer users should avoid using weak or default passwords for any online site.