As the holidays approach, we’d like to remind everyone to remain vigilant when browsing or shopping online. E-mails and e-cards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver attachments infected with malware. Spoofed email messages and phony posts on social networking sites may request support for fraudulent causes.
There are some things you can do to avoid falling victim to seasonal campaigns that could result in security breaches, identity theft, or financial loss:
- Avoid following unsolicited links or downloading attachments from unknown sources.
- Refer to US-CERT’s tips to learn more about Shopping Safely Online and Avoiding Social Engineering and Phishing Attacks.
- Visit the FTC’s Consumer Information page on Charity Scams.
If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:
- File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
- Report the attack to the police and file a report with the FTC.
- Contact your financial institution immediately, and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
- Immediately change any passwords you might have revealed, and do not use that password in the future. Avoid reusing passwords on multiple sites. See US-CERT’s Choosing and Protecting Passwords guidelines for more information.
Here are some additional tips on staying safe while shopping online this holiday season:
And, as always, you can contact Symplexity to learn other ways to improve your organization’s defense strategy.