As the 2010 holiday season gets into full swing, and retailers and consumers get ready for the biggest shopping days of the year—“Black Friday,” the day after Thanksgiving in the brick-and-mortar world, and “Cyber Monday,” the Monday after Thanksgiving in the online world—both snail mail and email inboxes start to fill with special offers, catalogs and the like.
And as the volume of legitimate email marketing increases, Proofpoint sees the volume of spam, phishing and other forms of scam email increase as well.
Malicious email gets more sophisticated every year and it’s getting harder and harder for the average consumer—and even experienced security professionals—to differentiate between legitimate and fraudulent offers that arrive via email.
During September and October of this year, we saw many new types of attacks that use malicious attachments or links inside email to distribute malicious software. Consumers need to be especially careful these days, and the number one tip is to avoid clicking on links in email, which is a hard habit to break!
My “Seven Simple Rules” for staying safe online during the holidays (or any time of the year) explain some of the tactics that scammers use and the important steps consumers can take to protect themselves. Keep these tips in mind this holiday season and share them with your friends, family and email users!
7 Simple Rules for Staying Safe Online During the Holidays
1. Be aware: View with suspicion any email with requests for personal identification, financial information, user names or passwords, especially during the busy holiday season when spammers and scammers use the increased volume of legitimate promotional email as “cover” for their attacks. Your bank, online services, government agencies or legitimate online stores are extremely unlikely to ask you for this type of information via email. Consumers should also be suspicious of similar emails that appear to come from an employer or friend. Never send personal financial information such as credit card numbers and Social Security numbers via email. Today’s malicious emails and phishing attacks are disguised as communications from all sorts of organizations, including government agencies, software vendors and money transfer services.
2. Don’t click: If you receive a suspicious email, don’t click the links in the email or open file attachments. Never click email links from anything but 100 percent trusted sources. Links embedded in emails may take you to fraudulent sites that look similar or identical to the legitimate “spoofed” site. Instead of clicking, open a browser and type the actual Web address for the site into the address bar. Alternatively, call the company using a phone number you already know.
3. Be secure: When you are shopping online, entering important information such as credit card numbers, or updating personal information, make sure you’re using a secure Web site. If you are on a secure Web server, the Web address will begin with “https://” instead of the usual “http://”. Most Web browsers also show an icon (such as Internet Explorer’s “padlock” icon) to indicate that the page you are viewing is secure.
4. Don’t fill out email forms: Never fill out forms within an email, especially those asking for personal information. Instead, visit the company’s actual Web site and ensure that the page you are using is secure before entering sensitive information.
5. Keep an eye on your accounts: Check the accuracy of your credit card and bank statements on a regular basis, especially during the holiday shopping season, when cyber attacks typically increase and busy consumers tend to be less attentive. If you see anything suspicious, contact the financial institution immediately.
6. Get social media savvy: Email isn’t the only attack vector used by spammers and scammers. Social media sites like Facebook and Twitter are increasingly used to deliver the same kinds of scams and malicious links to unsuspecting users. Spammers and malware writers are riding the social media wave, commonly using malicious, but convincing, emails that masquerade as notifications such as friend requests or message notifications. Keep all of the preceding tips in mind when using the latest communication tools.
7. Make security your first stop: If your holiday includes giving or receiving a new computer, netbook or upgraded operating system, install a good desktop anti-virus or Internet security solution before doing anything else online. Always make sure that your net-connected computers are protected by such a solution—and that you keep your subscription up to date! Reputable vendors include F-Secure, McAfee and Symantec.
There are also reputable free solutions such as Avast, so a lack of resources doesn’t mean you have to go without security. Be extremely wary of Web pop-ups that offer “free security scans” or that inform you that your machine is infected with a virus. Such offers usually lead to fraudulent anti-virus solutions that are actually malicious software.