SonicWALL outlines the top 10 threats for the season

November 23, 2009


San Jose, CA — November 23, 2009 — SonicWALL, Inc. (NASDAQ: SNWL), a leading secure network infrastructure company, today identified the top threats holiday well-wishers and online shoppers face this shopping season. With the holidays just around the corner, phishers, hackers and scammers are preparing for the deluge of online shoppers and well-wishers by cultivating data harvesting methods, perfecting greeting card malware and honing merchant phishing techniques. Online shoppers and well-wishers can prepare for these threats by following simple guidelines and knowing the top security-related frauds and scams awaiting them this holiday season.

"We see malware and phishing attacks increase dramatically right before and right after the holidays," said Andrew Klein, Product Manager, SonicWALL. "The hectic pace of the holiday season combined with the dramatic increase in online and in-store transactions strains the attentiveness of consumers making them susceptible to scams they normally would be able to identify. Unfortunately, most consumers won't learn the extent of any damage until the holidays are over."

During the holidays, malware and phishing threats tend to show up in a variety of forms unsuspecting consumers would not expect. Malware is disguised as a multi-media Christmas greeting card from an old aunt. A phishing attack comes from UPS or an online retailer where they just completed a purchase. A Facebook "friend" nudges you to play a special holiday game. Your favorite online retailer offers you a special discount if you "click here."

To prepare consumers this holiday season, SonicWALL's Klein outlined the top ten threats for the season.

1. Online Purchases: Online transactions not only increase, they are also likely to be with vendors (i.e. retailers, shippers, etc.) you do not deal with often. If you receive an email that your "Credit Card was Denied", the best course of action is to contact the vendor directly using a phone number or email address you obtained from their website, not the rejection email. Also, type the URL of the vendor into your browser. Do not click on a link in the email itself.

2. After Holiday Attacks: Right after the holidays, the bills arrive and, given the number of transactions, you may only glance at the charges. Don't. Carefully review all the charges and make sure you know that all are valid. This can be hard when multiple people use the same card over the holidays, but do it. Often scammers make a small charge on a card as a "proof of use". A missed charge one month can lead to a really large bill of fraudulent charges the next month.

3. Greeting Cards: Millions of e-greeting cards will be sent this holiday, and some of them will be scams. When you open such messages, they may want you to download a program, codec, or other "code" to see a picture. Before you do anything, stop right there. Contact the sender through some other means and find out if the card is real before you proceed. Also, consider using alternative methods for greetings, like using a photo sharing service to share pictures.

4. Package Delivery Services: This type of phishing threat takes the form of a friendly notice from a package delivery service letting you know that there is a problem shipping your package. Typically the e-mail message includes a few lines such as "We tried to deliver your package, but were unable to reach you. Please click here to reschedule your delivery," or "Open the attached document to see the problem". When you send a package you'll receive a tracking number. If you get an e-mail notice, don't click on a link in the email. Find the package tracking number and see if it matches the tracking number on the email. The alternative is to go directly to the delivery service web site and check the status yourself.

5. Holiday-themed videos: Using the holiday as the hook, you're certain to receive an invitation or two to watch the latest "Santa Gets Stuck in a Chimney" video by just clicking on a link. If the invitation (via email, chat, etc.) is from a known friend, then find out from them where the video is hosted (youtube, hulu, etc.) and go to the site directly and search for the video. If the invitation is from an unknown person, delete it.

6. Social media threats: Over this past year, phishing and spam attacks dramatically increased on popular social networking sites like LinkedIn and Facebook. With more people connecting using Facebook and Myspace, consumers may get nudges and suggestions from "friends" to view their pictures, receive some special holiday "offers" or games to play that may be malware or a phishing attack. Decide right now who your real friends are: the people you can trust not to send you junk. Everyone else can be "friends" whose "best holiday offer ever" messages can be deleted.

7. Drive by Savings: Around the holidays we may find ourselves going to web sites we don't typically visit. Some of these sites may ask you to disable your pop-up blocker to "get extra savings"; when you do, you may get a really great offer if you just supply your email address. The result may be a discount, but will almost certainly be more email spam in your inbox. Most reputable online web sites don't need pop-up windows to make you a deal.

8. Strange Searches: The holiday season brings web searches for "dog knickers" and other less typical items, and the list of web sites may be less than familiar. Following a "Christmas" search result can take consumers to a web site hosting malware. If you click on a search link and you are asked to download anything to continue to that site, stop the search immediately. If you arrive at the site and you are asked to download a "plug-in", don't. If you think the site could be legitimate, then go to the web site of the plug-in vendor (Adobe, Microsoft, etc.) and download the plug-in from there. Then go back to the original site and see what happens.

9. Password Requests: If you plan on tweeting about your holiday greetings or plan on using e-mail accounts from cloud-based systems like gmail or yahoo mail, take extra precaution this holiday season. Your credentials may be subject to exploits and the address books you use for sending holiday greetings from these accounts may be used for e-mail harvesting. You can protect access to these different systems by protecting your account name and password. Protect your passwords by having a different password for each different service. Don't share them with anyone, don't email them, IM them or tweet them either. And be sure to change your passwords every so often.

10. Out of Date Passwords: The biggest trick happens when your system protection is out of date or is non-existent during the busy holiday shopping season. Make sure your firewall can not only block hackers, but also malware and maybe even spam. Keep your anti-virus, anti-spam and anti-phishing software up to date. Finally, invest in a good content filter, one that identifies and blocks bad web sites.

"This holiday season, online consumers should be wary of any e-mail or social interaction that looks suspicious. They should always check to see if the e-mail or social interaction is legitimate," said Klein. "When shopping online, know how the online merchant communicates, especially in case of shipping delays and credit card matters. Assume that e-mail that either directly asks or indirectly asks for your account, financial, or identity information is fraudulent. Lastly, double-check your credit card statement—especially in January—for incorrect expenses. With these simple steps, consumers have a baseline for protection."

To test your phishing IQ knowledge before the holiday season begins, go to: For more information about phishing, malware and other related threats, go to:

About SonicWALL, Inc.

SonicWALL, Inc., the leader in network security, develops solutions that remove the cost and complexity from managing a secure network environment. With over one million award-winning appliances shipped through its global network of ten-thousand channel partners, SonicWALL provides end-to-end solutions that include firewalls, SSL VPNs, e-mail security and continuous data protection that collectively ensure robust and secure network protection. For more information, visit the company Website at
