The holidays are a busy time for everyone, especially for hackers trying to phish your employees. Phishing is most effective when it exploits human emotions—fear, greed, anxiousness, curiosity, compassion, getting a good deal—and the holidays tend to bring these emotions out more than other times of the year. This gives adversaries a bevy of relevant topics to use to build phishing campaigns.
Cyber-criminals are aware of this and attempt to take full advantage of both the opportunity and the fact that many people, busy trying to get things done in time, let their guard down and become more likely to fall for phishing and social engineering threats.
There is also a large increase in data downloads due to holiday cards, jokes, screen-savers and other digital items that may appear innocuous and fun, but pose a significant threat.
We have kept track of the number of phishing sites created since 2008. We pay particular attention to those that target Christmas shoppers and/or have holiday themes. There are plenty of these, and they persist all year. Unsurprisingly, they rise towards the end of the year, as seen in the graph below:
Cybercriminals target specific items that users might be looking for in particular when shopping online, such as gadgets (tablets, smartphones and DSLR cameras), toys, video games/consoles, software, and so on. We examined the most popular items sold and wished for on online shopping sites and compared them with the phishing sites we saw. We found that these were the most targeted items:
Here are nine current online security threats you need to be aware of:
1. Holiday charity scams
The holiday spirit is truly embodied by helping the less fortunate. The trick is making sure your contribution actually gets to those it is intended for and not to criminals looking to profit from your generosity. The best way to avoid being scammed by charity fraudsters is to reach out personally to the charities to which you wish to give a donation. Money or payment information you give to a total stranger or an unknown charity is at risk. So if a cause touches your heart, please do give – just don’t automatically trust social media posts, emails, phone calls or the person knocking on the door. Ask questions and make an extra phone call.
2. Malware Heaven – Holiday downloads
The holiday spirit can be infectious, and hackers are banking on that. Offers for screensavers, animations or other holiday-themed downloads pop up everywhere this time of year. Unfortunately, they can also be jam-packed with all kinds of nasty malware. So if you don’t want a horrible surprise that will only dampen your holiday spirit, be sure to download from sources you know are legitimate, preferably those with clearly stated policies and procedures in place to help ensure malware-free downloads.
3. FedEx/UPS/USPS delivery notices
No one is busier during the holidays than parcel delivery services. Of course, hackers know this too, and will be sending out lots of phishing emails disguised as notifications from popular parcel services like FedEx, UPS and the US Postal Service, coaxing targets to open malicious attachments or follow links to fake sites. To stay safe, don’t click on any attachment or link you get in an email notifying you about a parcel. Legitimate emails will have a prominently displayed tracking number within the body of the email itself, not hidden in an attachment or behind a link. Even if you think it may be valid, don’t follow any suggested links; simply go to the site directly (like fedex.com, ups.com and usps.com) and enter the tracking number yourself. Also, don’t hesitate to call a company directly for assistance using the phone number on their site – avoid using any numbers contained in the email itself, as they too may be fictitious!
4. Holiday employment opportunities
When the holidays roll around, many employers need additional help, which is a great thing with so many people looking for work. However, be especially suspicious of any job offer that seems too good to be true, like high-paying “no experience necessary” or work-at-home jobs. Many times these types of offers will lead you to signup sites that are built just to gather your personal information. And if they want a payment of any kind to send you the information on the “guaranteed” job that’s being offered, forget it, it’s a scam.
5. Unsolicited offers
If you are sent an unbelievable offer, beware. Cyber criminals have been known to go as far as designing entire websites around unbelievable offers, and true to form, they will be targeting your personal information or direct access to your valid account. If at all possible, stick to retailers you know and trust. Paying a little bit more and actually getting what you purchased is far better than paying less and receiving nothing but headaches associated with identity theft and compromised accounts.
6. E-greetings
Be very cautious about following links contained in any e-greetings, even if they look like they come from a familiar source. Hackers will push out malicious holiday greetings as spam to huge groups, hoping to get an initial victim to open one by chance, and then attempt to steal contact lists or break into email accounts. Once hackers achieve this, they can push out more phishing emails to friends and family, making detection of the scam that much harder.
7. Items that are hard to find
From PlayStation and Xbox consoles, to Furby Booms and Big Hugs Elmos, some gifts are in such demand at this time of the year that they are going to be hard to find. So when that special offer shows up touting that one special gift still in stock, proceed with caution. Following links or actually making online purchases based on these types of offers can lead to problems such as bait and switch or worse. Reputable retailers don’t need to advertise for incredibly popular items and won’t waste precious time and money spamming “still available” offers.
8. Smishing – Texts with a punch
Smishing texts employ the same tactics as phishing emails, but they come to your phone. Beware of any text asking for personal information, PIN numbers, etc. Dual-factor authorization, in which an online company sends login information via a text, is becoming common, and this is another avenue for a hacker to lure unsuspecting targets into divulging their personal and/or account information. Treat texts like every email you receive – with caution.
9. Quick cash offers
Bogus loan, credit and quick cash offers have long been hacker favorites, but with wallets and pocketbooks getting squeezed extra tight during the holidays, those offers can look more tempting than ever. Unless you are sure of the legitimacy of the offer, signing up for any type of financial account online can be highly risky. If you see an offer that really grabs your interest, verify the offer on your own, again, without using any links or phone numbers contained in the email offer. These scams are especially dangerous because setting up an online account requires you to reveal a lot of personal information, which can really expose you to identity theft and worse.
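The delivery-notice advice in item 3 can also be applied at a mail gateway or in an abuse-mailbox triage script. The sketch below is an added example, not part of the original article: it flags attachments and links that leave the three carrier sites the article names. The claim-matching pattern, function names and the sample message are assumptions, and the `.example` hosts are placeholders.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

CARRIER_DOMAINS = ("fedex.com", "ups.com", "usps.com")  # sites the article names
CARRIER_CLAIM = re.compile(r"\b(fedex|ups|usps)\b")     # assumed wording heuristic

class LinkHosts(HTMLParser):
    """Collects the host of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlsplit(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.append(host.lower())

def is_carrier_host(host):
    # Exact domain or a real subdomain; "fedex.com.track.example" must not pass.
    return any(host == d or host.endswith("." + d) for d in CARRIER_DOMAINS)

def review_parcel_notice(raw):
    """Return findings for a message that presents itself as a carrier notice."""
    msg = message_from_string(raw, policy=policy.default)
    claim = f"{msg['Subject'] or ''} {msg['From'] or ''}".lower()
    if not CARRIER_CLAIM.search(claim):
        return []
    findings = []
    for part in msg.walk():
        if part.is_attachment():
            findings.append(f"attachment: {part.get_filename()}")
        elif part.get_content_type() == "text/html":
            parser = LinkHosts()
            parser.feed(part.get_content())
            findings += [f"off-site link: {h}" for h in parser.hosts
                         if not is_carrier_host(h)]
    return findings

def constructed_sample():
    # Constructed message, not a captured one; .example hosts are placeholders.
    m = EmailMessage()
    m["From"] = "FedEx Delivery <notice@parcel-alerts.example>"
    m["Subject"] = "FedEx: your package could not be delivered"
    m.set_content("See the attached label.")
    m.add_alternative('<a href="http://fedex.com.track.example/label">Track</a> '
                      '<a href="https://www.fedex.com/">FedEx</a>', subtype="html")
    m.add_attachment(b"constructed", maintype="application", subtype="zip",
                     filename="label.zip")
    return m.as_string()

print(review_parcel_notice(constructed_sample()))
```

The suffix check matters: a lookalike host that merely begins with a carrier's domain is reported, while a genuine subdomain such as `www.fedex.com` is not.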
Author: Venkatesh Yalagandula