I received a great newsletter this week from the Multi-State Information Sharing and Analysis Center (MS-ISAC) titled "8 Shopping Tips for the Holidays" and it got me thinking about all of the holiday-type attacks that I've seen resulting in compromised systems or an unhappy holiday experience.
The first ever holiday attack I witnessed was a fake FedEx notification to my husband, about eight years ago, during December, at a time in which he really was awaiting several shipments to be fulfilled. Upon clicking on the link, malware was installed that rendered his computer completely unusable. He's a smart IT professional - if it happened to him, it can happen to anyone!
So here are a few tips...
1) Don't click on fake shipping links. The "FedEx" attack comes back every year. Don't fall for it! When you want to check the status of your shipment, either logon to the site from where you purchased your item, or logon to the shipping site and type or paste in the shipping number directly. Never click on a shipping link in an email! And remember, attackers don't just mimic FedEx; I've experienced this type of phishing email simulating other shipment companies too.
2) Shop from known reputable merchants. Sometimes advertising that you see on your social media sites are actually links to fake websites to either install malware or steal your credit card information. Instead of clicking directly on those advertisements, try googling the product, or better yet - go search for it in your favorite shopping site (like Amazon). It's best to purchase from known reputable merchants to protect yourself and your purchasing experience.
3) Don't be scammed by unrealistic prices. Remember, if it seems too good to be true, it is likely a scam. Don't fall victim to a scam while seeking great shopping deals!
4) Don't click on links received in a text message. Last week I received three different text messages, supposedly from different financial institutions indicating fraud or some other problem with my account. Since two of these belonged to financial institutions for which I don't have an account, this felt like a scam. While this isn't necessarily a holiday attack - this could definitely ruin your holiday if your smartphone becomes unusable or your account is taken over at this important time of year. Avoid clicking on links sent in a text message! Using a separate means, such as a browser or your bank app, log directly onto your account and validate whether there are any important messages. Alternatively, you can call the institution to ask about the text message.
Visit our Cybersecurity Help site and/or the Multi-State Information Sharing and Analysis Center (MS-ISAC) for more tips.
Happy shopping this holiday season!