Yes, the holiday season is approaching once again and along with holiday celebrations and shopping — especially "Cyber Monday" and "Black Friday" sales, which seem to start earlier every year — also comes an increase in online threats.
Over the past several years, Proofpoint security researchers have observed that the that the volume of attacks — including phishing email attacks, social media exploits and other types of malware attacks — typically increases during the holiday season. Many of these attacks are engineered to take advantage of the consumer mindset during the holidays.
Our October 2012 report on email security threats found that, on any given day, phishing attacks represented 10% to more than 30% of total unsolicited email volume and this trend has continued into the first part of November.
So, as is traditional here at Proofpoint, I wanted to take a moment to remind you of our "Seven Simple Rules" for staying safe online during the busy holiday season. Read on for our updated tips for 2012 and feel free to share them with your friends, family and email users!
As usual, we also have a couple of early presents for you IT security types: December's live web seminar "Targeted Hybrid Attacks: 2012 and Beyond" will feature special guest Rick Holland, security analyst for Forrester Research. And you can read Rick's latest research, The Forrester Wave™: Email Content Security, Q4 2012, compliments of Proofpoint.
Proofpoint's Seven Simple Rules for Staying Safe Online During the Holidays
1. Be aware: Always view with suspicion any email with requests for personal IDs, financial information, user names or passwords. Your bank, online services, government agencies or legitimate online stores are extremely unlikely to ask you for this type of information via email. Consumers should also be suspicious of similar emails that appear to come from an employer or friend. Never send personal financial information such as credit card numbers and Social Security numbers via email. Today’s malicious emails and phishing attacks are disguised as communications from all sorts of organizations, including banks, money transfer services, government agencies, media outlets, and package delivery services.
2. Don’t click: If you receive a suspicious email, don’t click the links in the email or open file attachments from anything but 100 percent trusted sources. Links embedded in emails may take you to fraudulent sites that look similar or identical to the legitimate “spoofed” site. In addition to attempting to gather your personal login credentials, these phishing sites may also automatically install malicious software, without your knowledge. Increasingly, scammers are using link shortening services to disguise the true destinations of their links. Instead of clicking, open a browser and type the actual Web address for the site into the address bar. Alternatively, call the company using a phone number you already know.
3. Be secure: When you are shopping online, entering important information such as credit card numbers, or updating personal information, make sure you’re using a secure Web site. If you are on a secure Web server, the Web address will begin with “https://” instead of the usual “http://”. Most Web browsers also show an icon (such as Internet Explorer’s “padlock” icon) to indicate that the page you are viewing is secure.
4. Don’t fill out email forms: Never fill out forms within an email, especially those asking for personal information. Instead, visit the company’s actual Web site (using a Web address you already know) and ensure that the page you are using is secure before entering sensitive information.
5. Keep an eye on your accounts: Check the accuracy of your credit card and bank statements on a regular basis, especially during the busy holiday shopping season. Many scammers count on consumer inattention to get away with fraudulent charges. If you see anything suspicious, contact your financial institution immediately.
6. Get social media savvy: Email isn’t the only attack vector used by spammers and scammers. Social media sites like Facebook and Twitter are increasingly used to deliver the same kinds of scams and malicious links to unsuspecting users. Spammers and malware writers continue to distribute malicious, but convincing, emails that masquerade as notifications such as friend requests or message notifications. Keep all of the preceding tips in mind when using the latest communication tools.
7. Make security your first stop: If your holiday includes giving or receiving a new computer, mobile device or upgraded operating system, install a good anti-virus or Internet security solution before doing anything else online. Reputable vendors include F-Secure, McAfee and Symantec. There are also reputable free solutions such as Avast, so a lack of resources doesn't mean you have to go without security. Be extremely wary of Web pop-ups that offer “free security scans” or that inform you that your machine is infected with a virus. Such offers commonly lead to fraudulent anti-virus solutions that are actually malicious software.
Have a safe and happy holiday season, OK?