In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the winter holidays and holiday shopping season. US-CERT reminds users to remain cautious when receiving unsolicited email messages that could be part of a potential phishing scam or malware campaign.
These phishing scams and malware campaigns may include but are not limited to the following:
- Electronic greeting cards that may contain malware
- Requests for charitable contributions that may be phishing scams and may originate from illegitimate sources claiming to be charities
- Screensavers or other forms of media that may contain malware
- Credit card applications that may be phishing scams or identity theft attempts
- Online shopping advertisements that may be phishing scams or identity theft attempts from bogus retailers
US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:
- Do not follow unsolicited web links in email messages.
- Use caution when opening email attachments. Refer to the Using Caution with Email Attachments Cyber Security Tip for more information on safely handling email attachments.
- Maintain up-to-date antivirus software.
- Review the Federal Trade Commission’s Charity Checklist.
- Verify charity authenticity through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.
- Refer to the Recognizing and Avoiding Email Scams (PDF) document for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks Cyber Security Tip for more information on social engineering attacks.
- Refer to the Shopping Safely Online Cyber Security Tip for more information on online shopping safety.
View the original post and further updates at http://www.us-cert.gov/current/index.html#holiday_season_phishing_scams_and