Five scams and threats to avoid this holiday seasonby Steve Ragan - Oct 8 2009, 21:00
Looking ahead to the start of the holiday rush next month, The Tech Herald spoke to Fred Touchette from AppRiver, who gave us a simple list of five scams and threats to avoid over the coming months.
Considering that October is National Cybersecurity Awareness Month, take note of two of the items on the list that are related, but address separate cybersecurity crimes. These two things you should avoid all year round.
Cyber Monday is the first Monday that follows Thanksgiving in the United States. It’s the biggest day of the year for holiday bargains and shopping online. This year, it falls on November 30. As shoppers gear up to shop in cyber convenience (mostly from the comfort of the office cubicle), criminals are gearing up to launch a slew of scams online. A given to us from Touchette, here are five things to keep a lookout for, and avoid this holiday season.
Avoid fake e-Cards: Strangers will never send their very best, unless it’s new Malware.
This has become a very commonplace tactic for Malware authors, especially around holidays or special events. The fake “eCard” arrives in many forms. Some of these simply arrive in plain text, some utilize flashy convincing graphics, but all have the same thing in common: a link to download malicious software.
This technique has been around for several years and hopefully the word is out to take heed, but because everyone has that one relative that enjoys sending legitimate eCards, you must be able to discern theirs from the malicious ones.
Rule number one, if you don’t recognize the sender, delete it. Also, if the e-mail is not addressed to you specifically, has a generic greeting such as “Dear friend”, or contains, “It’s been a long time,” delete it. If the link in the email directs you to download an executable program, delete it. Make sure to hover over the link with your mouse to see the real destination, as many of them will say one thing and take you somewhere else.
It’s also important to note that legitimate e-card sites, such as Hallmark or Blue Mountain, have eCard safety information on their sites. So, if you have any questions or concerns about an eCard you’ve just received, simply visit the above-mentioned websites to view a sample of the company’s eCard to learn exactly how that company’s cards are supposed to look.
Fake holiday products: Beware of the holiday deals that just fell off the truck.
The holidays bring about an influx of online shopping, and with it a huge push in “spammy” products. These products are most often promoted via Spam emails, but they also reside on fake websites designed to steal banking credentials, or to simply sell cheap knock-off products. It is a good idea to avoid shopping from online companies that are unrecognized. If you have not heard of a company, do your research. If you don’t acquire enough information on the company to be 100-percent sure they are legit, move on.
Letters from Santa: Do some research before you mail off those letters.
There are many services on the Internet that offer personalized letters from Santa Claus that can be mailed to your children, and many of them are legitimate. Unfortunately, many are not. If you like the idea of getting one of these letters for your children, it is very important to do your research.
How long has the company been in business? Is their Web site newly registered? If so, make sure to check the Better Business Bureau, as it will better inform you about the companies existing online today.
[As a father, I’ve sent letters from Santa. The only place I’m comfortable recommending has quite a history and has been around since the 1950’s. The letters were just fine and arrived for the boys well before Christmas. You can check them out here. However, if not using them, do the legwork and remember that the letter should at least be postmarked from North Pole, AK. -Steve ]
Phishing: Criminals don’t want to hook trout. They want to hook you.
[The following two examples are just that, two examples that are common Phishing attacks. The advice Touchette offers is valid year-round.]
Many people enjoy the convenience of shopping online, as well as the convenience and trust of institutions such as eBay and its sister company, PayPal, for brokering their online purchases. The cybercriminals are well aware of these facts and are ready to take advantage of someone who is not paying attention.
Although it is a year-round occurrence, an uptick of emails linking readers to false eBay and PayPal log-in pages takes place during the holiday season. Oftentimes, it is possible to run across such scams in the wild as well, meaning just browsing around the internet. Stay alert, and ensure that if you do come across one of these log-in pages, you intended to be there in the first place. Also, avoid following links and type desired addresses directly into your browser.
Bank-targeted Phishing attacks tend to increase over the holiday season. Although easier to avoid, victims often pay larger dividends to this online scam. Phishing attacks usually arrive via email and contain a link that supposedly logs you on to your bank account.
First, a bank will never ask its customers to log into an account through a link sent via email. In general, banks will never discuss customer account information in an email. And on occasion, banks will send e-newsletters to account holders that simply contain general information, not specific account information. Other points of interest in this scam include poor spelling, poor grammar, generic greetings such as “dear sir/madam”, or “dear account holder,” or shoddy graphics.