SANS ISC: A Gentle Reminder - It is that time of year again

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

With the US holiday season quickly approaching and the excitement being generated with topics like WikiLeaks and change to the US Government soon to take place (new Speaker of the House, etc) I felt it might be a good time to gently remind our readers not to click too quick.  Every year around this time we start seeing a barrage of emails trying to trick unsuspecting recipients into getting the latest gossip or viewing that e-greeting card and the next thing we know we have a whole bunch of new spam zombies or other backdoor trojans out clogging up the works.  US Cert has issued a reminder to this affect with some really good advise on what to watch out for and things you need to know to protect your computer.  So proceed with caution but have lots of fun. 

Thanks to Sean for providing this information from US Cert.

Holiday Season Phishing Scams and Malware Campaigns

added November 18, 2010 at 02:17 pm

In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the winter holiday and holiday shopping season. US-CERT reminds users to remain cautious when receiving unsolicited email messages that could be part of a potential phishing scam or malware campaign.

These phishing scams and malware campaigns may include but are not limited to the following:

• electronic greeting cards that may contain malware
• requests for charitable contributions that may be phishing scams and may originate from illegitimate sources claiming to be charities
• screensavers or other forms of media that may contain malware
• credit card applications that may be phishing scams or identity theft attempts
• online shopping advertisements that may be phishing scams or identity theft attempts from bogus retailers

US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:

• Do not follow unsolicited web links in email messages.
• Use caution when opening email attachments. Refer to the Using Caution with Email Attachments Cyber Security Tip for more information on safely handling email attachments.
• Maintain up-to-date antivirus software.
• Review the Federal Trade Commission's Charity Checklist.
• Verify charity authenticity through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks Cyber Security Tip for more information on social engineering attacks.
• Refer to the Shopping Safely Online Cyber Security Tip for more information on online shopping safety.

Deb Hale Long Lines, LLC