There has been an uptick in targeted emails phishing for personal information and/or simply pushing malware. I’ve seen quite a bit come through, and the cleverness of the Best Buy Receipt emails shows the sophistication that many of these emails have reached. The Best Buy email does a remarkable job of rendering a receipt that includes information about location and names (which fortunately are incorrect) in the message.
These emails are so well done that, even if you are computer savvy, it takes a bit of work to pull out the pieces and determine that they are not legitimate. So it’s very easy to see how normal people (note the computer-savvy person is not the normal one here…) would readily believe that these are legitimate emails.
As always, it’s personal diligence and a little extra attention that will help protect you against these campaigns.
- Know who your credit cards are from. If you get messages about your OrchardBank Card (a very popular one right now) and you know you don’t have an account there, it’s best to be wary and delete the messages.
- Know your bank policy on sending solicitations. No one will ever (well, they shouldn’t) ask you for information via email regarding your banking information. If you do get a solicitation, don’t click on it. Instead, go to the known “real” site for your bank and log in there to check and see if it’s legitimate.
- Stick with the “if it’s too good to be true” saying. Please don’t expect to get iPads for all your family members this Christmas for $15 each. However, if you are a diligent shopper, you can get up early on Black Friday and get one for $399!!!
These are just a few recommendations I can make based on what has been prevalent lately in this area. I’m sure there are many more, and more to come.
From an overall awareness standpoint, here are some helpful tips and resources from US-CERT:
- Do not follow unsolicited web links in email messages.
- Use caution when opening email attachments. Refer to the Using Caution with Email Attachments Cyber Security Tip for more information on safely handling email attachments.
- Maintain up-to-date antivirus software.
- Review the Federal Trade Commission’s Charity Checklist.
- Verify charity authenticity through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks Cyber Security Tip for more information on social engineering attacks.
- Refer to the Shopping Safely Online Cyber Security Tip for more information on online shopping safety.