Now that we’re officially in the middle of the holiday season, there’s a flood of emails flying through cyberspace from family, friends, online retailers and charities. This heavy online traffic makes it easier than ever to sneak in malicious emails, targeting unsuspecting users looking to connect with old friends and find holiday deals. Whether it’s a phishing scam that is trying to snag your credit card number or a malware campaign that installs unauthorized code on your system from an email link, ‘tis the season to protect yourself.
So where, exactly, do these seasonal cyberscams come from? Many of these malicious Grinches send emails from fake URLs, disguising them to appear legitimate. Faux charities are another common scam designed specifically to take advantage of your generosity during the season of giving. Even friends and family may send what looks like an innocent forward your way, only to discover that they inadvertently launched some decidedly un-cheery, unpleasantness to your inbox instead.
However, if you take some basic online protective measures you’ll be in a lot better shape to avoid the latest cyberscams this holiday season:
- Change your email settings so that attachments aren’t automatically downloaded. This gives you more control over what gets into your system.
- Never open attachments or click URL links in emails from unknown or unverified senders. Even be cautious of known senders.
- Remember that cyberscammers can spoof return addresses; their malicious emails might look like a holiday e-greeting from Grandma judging from the subject line alone. If there’s nothing specific in the subject or body of the message (i.e. “Check out the great Holiday pics I took!”), it’s worth verifying with the sender before opening the attachment.
- Never respond to requests for financial information that arrive via email. Instead, visit the applicable site or account directly from your web browser to verify any claims.
- Always research charities and other organizations before you donate a penny.
- Keep your antivirus and anti-malware software updated and run regular scans to keep your system squeaky clean. Also assure that patches are applied regularly to the operating system.
- Listen to your intuition. If something seems fishy about an email, even if it’s from someone you know, don’t download any attachments or follow embedded URLs. Again, return addresses can be spoofed to look authentic and familiar, so use caution even with trusted senders.
Spread Cheer, Not Fear
There’s no better time than the holidays to wrap up a nice bit of malicious code masquerading as an online promotion for a major sale or a holiday e-card. That’s why the U.S. Computer Emergency Response Team (US-CERT) has released a security alert that focuses specifically on how to avoid holiday-related cyberscams. Additionally, the Anti-Phishing Working Group (APWG) offers a comprehensive list of suggestions on avoiding phishing scams that are good any time of year.
The holidays should be a time for celebration. Use smart online practices to help spread seasonal cheer, and stay safe this holiday season.
By Richard Harber
By Gretchen Hoffman
By Gretchen Hoffman