November 22, 2011
New Phishing Webinar and the Traditional "Stay Safe Online During the Holidays" Tips
The holiday season — you know, Black Friday, Cyber Monday and those other ones — is once again upon us.
Here at Proofpoint, we celebrate the season with two fine traditions: An inbound email threats webinar (see the bottom of this post for more details) and a reminder about how to stay safe online during the busy holiday shopping season.
At this time of year, both snail mail and email inboxes start to get full of special offers, catalogs and the like.
As the volume of legitimate email marketing increases, Proofpoint also sees the volume of spam, phishing and other forms of scam email increase as well. The chart below shows the relative volume of "obvious" phishing messages in Proofpoint's spam traps over the last month (click the image for a larger view):
Over the course of 2011 we've seen spear phishing messages revealed to be the exploit at the root of many high-profile data breaches.
In the same way that enterprises and government organizations need to be wary of phishing messages and other types of threats, consumers too need to be especially careful around this time of year.
So, once again, let me reiterate our “Seven Simple Rules” for staying safe online during the holidays (or any time of the year) which explain some of the tactics that scammers use and the important steps consumers can take to protect themselves. Keep these tips in mind this holiday season and share them with your friends, family and email users!
Proofpoint's Seven Simple Rules for Staying Safe Online During the Holidays
1. Be aware: View with suspicion any email with requests for personal identification, financial information, user names or passwords, especially during the busy holiday season when spammers and scammers use the increased volume of legitimate promotional email as “cover” for their attacks. Your bank, online services, government agencies or legitimate online stores are extremely unlikely to ask you for this type of information via email. Consumers should also be suspicious of similar emails that appear to come from an employer or friend. Never send personal financial information such as credit card numbers and Social Security numbers via email.
2. Don’t click: If you receive a suspicious email, don’t click the links in the email or open file attachments. Never click email links or open attachments from anything but 100% trusted sources. Links embedded in emails may take you to fraudulent sites that look similar or identical to the legitimate “spoofed” site. Instead of clicking, open a browser and type the actual Web address for the site into the address bar. Alternatively, call the company using a phone number you already know.
3. Be secure: When you are shopping online, entering important information such as credit card numbers, or updating personal information, make sure you’re using a secure Web site. If you are on a secure Web server, the Web address will begin with “https://” instead of the usual “http://”. Most Web browsers also show an icon (such as Internet Explorer’s “padlock” icon) to indicate that the page you are viewing is secure.
4. Don’t fill out email forms: Never fill out forms within an email, especially those asking for personal information. Instead, visit the company’s actual Web site and ensure that the page you are using is secure before entering sensitive information.
5. Keep an eye on your accounts: Check the accuracy of your credit card and bank statements on a regular basis, especially during the holiday shopping season, when cyber attacks typically increase and busy consumers tend to be less attentive. If you see anything suspicious, contact the financial institution immediately.
6. Get social media savvy: Email isn’t the only attack vector used by spammers and scammers. Social media sites like Facebook, LinkedIn and Twitter are commonly used to deliver the same kinds of scams and malicious links to unsuspecting users. Be wary 0f social media notifications—such as friend requests, security notices and message notifications—that arrive via email. Scammers have spoofed these sorts of messages to deliver links that lead to fraudulent sites or malware.
7. Make security your first stop: If your holiday includes giving or receiving a new computer (or tablet, netbook, operating system upgrade, etc.) always install a good desktop anti-virus or Internet security solution before doing anything else online. Always make sure that your net-connected computers are protected by such a solution—and that you keep your subscription up to date! Reputable vendors include F-Secure, McAfee and Symantec.
There are also reputable free solutions such as Avast, so a lack of resources doesn't mean you have to go without security. But be extremely wary of Web pop-ups that offer “free security scans” or that inform you that your machine is infected with a virus. Such offers usually lead to fraudulent anti-virus solutions that are actually malicious software.
If you'd like to learn more about the latest phishing threats, and new techniques for stopping them, attend our upcoming live web seminar Don't Get Hooked by the Latest Phishing Attacks (December 14th, 11 a.m. PT/2 p.m. ET). To register, visit the link — or simply fill out the form below:

