Holiday Phishing - The Grinch Loves Email!

December 3, 2014 | Garrett Gross

Hey folks – it’s that time of year again! No – I’m not talking about spending time with loved ones, putting up holiday decorations, or even digging out that ugly sweater to wear to your hipster friend’s party. I’m talking about EMAIL PHISHING CAMPAIGNS!!


That’s right. This is the time of year when most of us will be so busy with holiday planning, gift buying, blowing up air mattresses, etc. that we might forget to be diligent about how we access the web. Even the most savvy of users might not be paying attention when clicking a malicious link or opening a virus-laden file. Unfortunately, those who wish to steal our information are counting on just that.

Cyber criminals are also getting sneakier and changing tactics away from malicious attachments to "watering hole" style attacks that lure victims to a trusted (but compromised) URL destination. So, that email you just received from your favorite online boutique promising 75% off may not be the deal it is cracked up to be.

They also prey on our tendency to lower our guard when dealing with something or someone familiar. The email might look to be from a reputable source like your bank, doctor’s office, etc. or from someone you know. The message might even be related to your favorite hobby: photography, winter sports or, in my case, making bracelets from old cat hair.

In the spirit of the holiday season, my gift to you is a set of measures you can take to help protect yourself against the myriad of looming threats out in the wild.

If in doubt, don’t open the email attachment – go to the website from your browser and look for the promotion. That won’t help if the website itself has been hijacked, which the business will hopefully notice soon. While not perfect, going directly to a website is preferable to clicking on links in emails.

Pay Attention – This may seem obvious but your best defense is to pay attention when surfing the web. This includes knowing what sites you are accessing, giving your personal information to, and what files you are opening.

If you get an email from your bank, doctor, house/auto lender, etc. that is asking you to supply personal information, take steps to verify the origin of the email. Contact the purported sender directly (don’t click on the ‘customer support’ link as it may redirect you to a malicious site) and see if they actually sent out that email. Doctor’s offices, banks, and other financial institutions are actually pretty good about not sending or soliciting information over email so, chances are, someone is trying to take you for a ride.

Is there a link in the email that the sender wants you to click? Read the URL a couple of times and make sure you are going to paypal.com and not peypal.com. You can also hover over the link or right-click copy/paste the URL into a text file to make sure that the “link” isn’t just a text label disguised as the URL. If the link uses a URL shortening service, such as bitly, use extra caution.
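The three link checks above (label versus real destination, lookalike spelling, shortened URLs) can be automated over the HTML body of a message. The following Python sketch is an added example, not something from the original post; the TRUSTED and SHORTENERS lists, the 0.8 similarity threshold and the sample email body are assumptions made for illustration.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"paypal.com"}              # assumption: sites the reader really uses
SHORTENERS = {"bit.ly", "bitly.com"}  # assumption: short illustrative list
# Constructed sample email body, not taken from a real message.
SAMPLE = ('<a href="http://www.peypal.com/login">www.paypal.com</a>'
          '<a href="http://bit.ly/EXAMPLE">75% off</a>'
          '<a href="https://www.paypal.com/">paypal.com</a>')

def site_of(text):
    """Registered domain (naively, the last two labels) of a URL-like string, else None."""
    if len(text.split()) != 1:
        return None
    host = urlparse(text if "://" in text else "http://" + text).hostname or ""
    return ".".join(host.lower().split(".")[-2:]) if "." in host else None

class Anchors(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def audit(html):
    parser = Anchors()
    parser.feed(html)
    findings = []
    for href, label in parser.links:
        target, shown = site_of(href), site_of(label)
        if target is None:
            continue
        if shown and shown != target:   # the "link" is a label naming another site
            findings.append((href, "label shows a different site"))
        if target in SHORTENERS:        # real destination is hidden until clicked
            findings.append((href, "shortened URL hides the destination"))
        findings += [(href, "lookalike of " + good) for good in sorted(TRUSTED)
                     if target != good and
                     difflib.SequenceMatcher(None, target, good).ratio() >= 0.8]
    return findings
```

Calling audit(SAMPLE) flags the first two links and passes the genuine paypal.com link. Real mail filtering should take the registered domain from the Public Suffix List rather than the last two labels.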

While today’s malware and anti-virus scanners can usually catch the majority of malicious executables, it’s really easy to alter the makeup of an existing file to the point where it can evade detection. Over the busy shopping period, you will probably get an array of "delivery" or "shipping" notices as normal. One technique attackers use is to disguise malicious attachments as these notices. Most online retailers will send these notices in the body of the email, so think carefully before opening an attachment.

Really, though, the “dangerous attachment” threat isn’t as prevalent these days. More often than not, malicious software is hosted on remote servers and victims are tricked into downloading and executing it via the nefarious methods described above.

Cybercriminals are well aware that this is the time of year when people make more online transactions than usual. Try to be extra careful when sending financial and/or personal information, even to sources you think are reputable. While you may think you are saving time having a website save your details or registering with a website, make sure you think about how many new ways you are opening yourself up to having those details stolen should those sources become compromised by attackers. Not taking these steps to protect yourself could turn a morning of building your sweet new Lego Millennium Falcon into months of picking up the pieces of your now-stolen identity.


About the Author: Garrett Gross
Garrett Gross has always had an insatiable appetite for technology and information security, as well as an underlying curiosity about how it all works. Garrett has over 15 years of professional experience in information technology, filling several roles: systems administration, network engineering, product marketing, technical support, and helpdesk. In his current role in field enablement, he uses his experience to help managed security service providers be successful in evangelizing and operationalizing AlienVault USM.