SAN JOSE, Calif., Dec. 9, 2010 /PRNewswire/ -- SonicWALL, Inc. the leading provider of intelligent network security and data protection solutions, today released tips on how to recognize and avoid the top holiday threats that well-wishers and online shoppers face this holiday shopping season. With the holidays fast approaching, phishers, hackers and scammers are preparing to attack by perfecting social media scams, developing new and different merchant phishing techniques, cultivating data harvesting methods and perfecting greeting card malware. Consumers can prepare by being aware of the top online security-related frauds and scams awaiting them this holiday season and by learning how to best protect themselves.
"During the holidays, the rush to quickly buy presents drives consumers to let their guard down and bypass their normal security precautions. Phishers and scammers are expecting this," said Boris Yanovsky, vice president of software engineering at SonicWALL. "We already see an increase in malware, Trojans and phishing attacks before the holiday season begins. This year, Facebook targeting is rampant. Unfortunately, consumers won't learn the extent of any damage until it's already too late and the holidays are over. Consumers should arm and prepare themselves now against the flood of holiday-related threats."
Malware and phishing threats tend to show up in a variety of forms consumers often wouldn't expect during the holidays. For example, malware disguises itself as a multimedia Christmas greeting card from a long lost friend. A new Facebook "friend" nudges you to play a special holiday game or directs you to "favorite" sites. Your favorite online retailer offers you a special discount if you "click here."
To stay protected during this holiday season, SonicWALL's Yanovsky gives tips to avoid the top 9 threats of the season:
1. Purchasing and payments: This is a big one! Phishing for additional personal information such as your credit card number is common during the holidays. Phishing threats posing as communications from retailers like Amazon.com, eBay or PayPal will notify you that they "were unable to process your credit card transaction" or need more details to process your transaction. Be sure a site is secure and reputable before providing your credit card number online. Don't trust a site just because it claims to be secure*.
There are two general indications of a secured Web page:
A) Check the Web page URL
Normally, when browsing the Web, the URLs (Web page addresses) begin with the letters "http". However, over a secure connection the address displayed should begin with "https" - note the "s" at the end.
B) Check for the "Lock" icon
There is a de facto standard among Web browsers to display a "lock" icon somewhere in the window of the browser (NOT in the web page display area!) For example, Microsoft Internet Explorer displays the lock icon in the lower-right of the browser window.
2. Holiday offers from your favorite retailer: Each year, anticipated holiday offers from spammers increase. Consumers may find "Special Shopping Offer" or "Special Discount" spam campaigns in their inboxes. But those may have nothing to do with a holiday bargain. Be aware that this may be a drive-by Trojan download. Never purchase anything advertised through an unsolicited email*. Ensure that the offer you receive is legitimate by double-checking with the Web site of your favorite retailer. If you do respond to a legitimate offer, use a primary email address for people you know and get yourself a secondary address for all other purposes. Never respond to suspicious offers, as this will confirm to the sender that your email address is "live."
3. Social media threats: Social media applications are top destinations to browse. With access to Facebook and MySpace now accessible via mobile devices, consumers are easily able to upload and share photos and other online information. Be on alert when you get "nudges" and suggestions from "friends" to view pictures, receive special holiday "offers" or invitations to play "games." You may become the victim of a malware or a phishing threat. Also, be aware that phishers are using social media for spam related purposes as spammers are looking to attract names. Change your Facebook privacy settings and configure them to meet your needs; you never can be careful enough about who views your information.
4. Discounted gift cards: With cash-strapped consumers looking at their wallets this holiday season, discounted gift cards may seem like an attractive gift option for stocking stuffers. Before you make your purchase, however, be sure that the Web site and the discounted offer are legitimate. Check with the retailer and use PayPal when making your purchase. If the site asks you to mail in an order or does not accept PayPal or credit cards, be aware, as you may become the victim of fraud.
5. Greeting card threats: During the holiday season, the number of electronic greeting cards sent via email grows exponentially. Clicking on an e-card or video holiday card can direct you to a link, then ask you to download Adobe Flash, another type of animation or a PDF. This can install dangerous malware on your computer. No matter whether or not you know the sender - assume that suspicious links, Flash video, animation or any PDF card, document or invoice are potentially malicious and dangerous.
6. Delivery threats (UPS and FedEx): This type of phishing threat (aka "Bredlow" or "Fake Antivirus" spam) takes the form of a friendly notice from UPS, FedEx or DHL. Typically, the email message includes a few lines such as, "We tried to deliver your package, but were unable to reach you. Please click here to reschedule your delivery." In the phishing case, once you click, malicious code gets installed on your computer and it will harvest your personal information. As with any online business transaction, never click on links that arrive unsolicited. When shopping or doing business online, instead go to the company website directly by typing the URL in your web browser instead of clicking on a link.
7. Holiday-themed games and videos: Consumers should be on the lookout for any "click here" messages associated with holiday games and videos, such as the Elf Bowling game. Do not open suspicious links. The links may open malware. For those asked to view videos, users may be asked to activate a plug-in and wait for a download of a java applet—essentially a fake video codec that may be cross platform malware or Java based malware.
8. Popular Google search results: While Google and other search engines have taken precautions to eliminate URLs that contain malware, searches using popular keywords like "Christmas" can still result in the download of malware. For example, a search for "free printable Christmas stickers" may lead to links that initiate a malware attack. Make sure that your system is updated with the latest virus protection and the latest security patches.
9. Harvest attacks after the holidays: Scammers frequently focus on November and December, the busiest shopping months, to gather email addresses of potential victims for later use in January. In fact, Trojan downloads are at an all-time high during November and December. Online shoppers should brace themselves for online fraud and phishing attempts during the second and third weeks of January—about the time December's credit cards bills arrive.
"Be wary of any email or social media interaction that requires your account or financial information even if it does not look suspicious at first," said Yanovsky. "Scammers and phishers will be looking for new ways to lure in consumers, especially with Facebook traffic at an all-time high, and with more and more consumers looking for discounts. When shopping online, know how the online merchant communicates, especially in case of shipping delays and credit card matters. Assume that any email that either directly or indirectly asks for your account, financial or identity information is fraudulent. Lastly, double-check your credit card statement—especially in January—for incorrect expenses. Using these steps as a baseline, consumers can stay protected this holiday season."
To test your phishing IQ knowledge before the holiday season begins, check out our phishing and spam quiz!
For more information about phishing, malware and other related threats, visit our security center.
About SonicWALL, Inc.
Guided by its vision of Dynamic Security for the Global Network, SonicWALL develops advanced intelligent network security and data protection solutions that adapt as organizations evolve and as threats evolve. Trusted by small and large enterprises worldwide, SonicWALL solutions are designed to detect and control applications and protect networks from intrusions and malware attacks through award-winning hardware, software and virtual appliance-based solutions. For more information, visit http://www.sonicwall.com/.
Copyright © 2010 SonicWALL, Inc. All rights reserved. SonicWALL® is a registered trademark of SonicWALL, Inc. and all other SonicWALL product and service names and slogans are trademarks or registered trademarks of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective owners.
* http://www.ic3.gov/preventiontips.aspx#item-16ve owners
SOURCE SonicWALL, Inc.