Security Bulletin: Holiday Season Phishing

The following is a message from the US Computer Emergency Readiness Team regarding online safety and information privacy over the holidays.

Holiday Season Phishing Scams and Malware Campaigns

Original release date: November 18, 2010 at 2:17 pm
Last revised: November 18, 2010 at 2:17 pm

In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the winter holiday and holiday shopping season. US-CERT reminds users to remain cautious when receiving unsolicited email messages that could be part of a potential phishing scam or malware campaign.

These phishing scams and malware campaigns may include but are not limited to the following:

• electronic greeting cards that may contain malware
• requests for charitable contributions that may be phishing scams and may originate from illegitimate sources claiming to be charities
• screensavers or other forms of media that may contain malware
• credit card applications that may be phishing scams or identity theft attempts
• online shopping advertisements that may be phishing scams or identity theft attempts from bogus retailers

US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:

• Do not follow unsolicited web links in email messages.
• Use caution when opening email attachments. Refer to the Using Caution with Email Attachments Cyber Security Tip for more information on safely handling email attachments.
• Maintain up-to-date antivirus software.
• Review the Federal Trade Commission's Charity Checklist.
• Verify charity authenticity through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks Cyber Security Tip for more information on social engineering attacks.
• Refer to the Shopping Safely Online Cyber Security Tip for more information on online shopping safety.

Relevant Url(s):

• http://www.us-cert.gov/cas/tips/ST04-014.html
• http://www.us-cert.gov/reading_room/emailscams_0905.pdf
• http://www.ftc.gov/bcp/edu/pubs/consumer/telemarketing/tel01.shtm
• http://www.us-cert.gov/cas/tips/ST07-001.html
• http://charityreports.bbb.org/public/All.aspx?bureauID=9999
• http://www.us-cert.gov/cas/tips/ST04-010.html

====
This entry is available at
http://www.us-cert.gov/current/index.html#holiday_season_phising_scams_and

Love the Immaculata!
Mariam cogita, Mariam invoca