Malware is even more abundant during the holiday season: here are some tips to avoid holiday-related scams
As more and more people do their shopping online, network administrators unfortunately find that more and more people do their shopping online at work. I’ve given you tips to secure yourself online before, but our friends at MalwareBytes (more on them at the end) have passed on some great holiday-specific tips for avoiding malware.
November 30 was National Computer Security Day and even though it fell on a weekend this year and did not get much publicity, it couldn’t have come at a better time. It stands as a reminder that as we enter the holiday season, cyber criminals are working harder than ever to try to scam you or infect your computer with malware. These threats come in all varieties – emails, malicious websites, phishing scams, as well as fake contests and charity drives.
So, whether you are the one shopping online at work and don’t want to be the person who infects your entire network, or you are the realistic network admin who wants to make sure your users are at least shopping safely, here are 3 kinds of malware to avoid and some tips to remain free of malware this holiday season.
Free Gift Card Spam
This one is easy to fall for, and will most likely be found on a social network like Facebook. The offer will be from a brand you recognize.
It sounds appealing, but these are most often fake offers. Clicking on one probably won’t bring down your entire network, or even your computer, but these offers do compromise your personal information. You will be asked to fill out surveys or otherwise jump through hoops to collect your offer, and all this amounts to is you handing over personal information to the bad guys.
If you see an offer and you are not sure whether it’s real, Snopes.com is a good website for information about whether something is a scam or not.
E-Card Scams
While not as common as they used to be, E-cards are more prevalent during the holidays and the scammers don’t want to miss this golden opportunity to infect your computer with malware. Spam filters are getting better all the time at sniffing these out, but cyber-criminals will send fake E-cards meant to look like they came from someone you know and trust, or send you a notification that you have an E-card waiting for you. There are a host of things that can go wrong here, from giving up personal information, to sending you to an exploit site, to sending you malware directly through the email.
If this is a concern, Scambusters.org has a great primer on E-card scams.
UPS Malware Scams
Whether you buy yourself something online, or send presents to family members, few of us don’t use UPS or FedEx during the holiday season. That means we all track packages, and are all susceptible to the UPS, or mail delivery, scam. This one involves you receiving an authentic-looking email, supposedly from UPS or another shipper, offering you tracking information, delivery notification, or some other message about your package.
The fact is, when you ship something, the carriers will only send you a tracking number via email – not information about your shipment. It is up to you to take the tracking number to your shipper’s website and get your information there. If you click on a link in a malicious email, bad things can happen.
According to MalwareBytes, these emails can lead you to an exploit page that uses the “Blackhole Exploit Kit” to infect your system with the Zeus Trojan! The second example requires even less effort because the “Attached Postal Receipt” is actually just a fake antivirus in disguise, infecting you with invisible malware and demanding you pay real money to get rid of it! As soon as the user opens the file to print out the receipt, they are infected!
More Online Holiday Safety Rules
MalwareBytes offers these tips in addition to what I already mentioned:
Don’t click on any advertisement for a deal that seems too good to be true.
Unfortunately, you can’t trust any holiday themed chain letter or greeting card you receive by email.
Only shop on secure and legitimate online shopping sites – look for HTTPS in the URL, not just HTTP.
If you get any email claiming to be from an airline, delivery service, travel agency, etc. – go to the merchant’s website to investigate what they are telling you.
Keep all your software (Operating System/ Web Browsers/Plug-Ins/Extensions/Java/Flash/Adobe Reader/etc.) up-to-date with the latest updates, checking for new ones as often as possible.
Make sure you are running an antivirus and anti-malware solution with up-to-date definitions as well as an advertisement-blocking program to avoid malicious advertisements.
How to get more information
PMI uses and recommends MalwareBytes as a part of our cyber defense plans. If you have any questions, feel free to contact me and I will do my best to assist you.
[Images and source material for this article are courtesy of the MalwareBytes blog]