CERT mailing list archives

Current Activity - Holiday Season Phishing Scams and Malware Campaigns

From: Current Activity <us-cert () us-cert gov>
Date: Mon, 20 Dec 2010 10:24:54 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Holiday Season Phishing Scams and Malware Campaigns

Original release date: November 18, 2010 at 2:17 pm
Last revised: December 20, 2010 at 9:57 am


As the winter holidays are quickly approaching, US-CERT is
republishing this entry to increase awareness.

In the past, US-CERT has received reports of an increased number of
phishing scams and malware campaigns that take advantage of the winter
holiday and holiday shopping season. US-CERT reminds users to remain
cautious when receiving unsolicited email messages that could be part
of a potential phishing scam or malware campaign.

These phishing scams and malware campaigns may include but are not
limited to the following:
  * electronic greeting cards that may contain malware
  * requests for charitable contributions that may be phishing scams
    and may originate from illegitimate sources claiming to be
    charities
  * screensavers or other forms of media that may contain malware
  * credit card applications that may be phishing scams or identity
    theft attempts
  * online shopping advertisements that may be phishing scams or
    identity theft attempts from bogus retailers

US-CERT encourages users and administrators to use caution when
encountering these types of email messages and take the following
preventative measures to protect themselves from phishing scams and
malware campaigns:
  * Do not follow unsolicited web links in email messages.
  * Use caution when opening email attachments. Refer to the Using
    Caution with Email Attachments Cyber Security Tip for more
    information on safely handling email attachments.
  * Maintain up-to-date antivirus software.
  * Review the Federal Trade Commission's Charity Checklist.
  * Verify charity authenticity through a trusted contact number.
    Trusted contact information can be found on the Better Business
    Bureau National Charity Report Index.
  * Refer to the Recognizing and Avoiding Email Scams (pdf) document
    for more information on avoiding email scams.
  * Refer to the Avoiding Social Engineering and Phishing Attacks
    Cyber Security Tip for more information on social engineering
    attacks.
  * Refer to the Shopping Safely Online Cyber Security Tip for more
    information on online shopping safety.

Relevant Url(s):
<http://www.us-cert.gov/cas/tips/ST04-014.html>

<http://www.us-cert.gov/reading_room/emailscams_0905.pdf>

<http://www.ftc.gov/bcp/edu/pubs/consumer/telemarketing/tel01.shtm>

<http://www.us-cert.gov/cas/tips/ST07-001.html>

<http://charityreports.bbb.org/public/All.aspx?bureauID=9999>

<http://www.us-cert.gov/cas/tips/ST04-010.html>

====
This entry is available at
http://www.us-cert.gov/current/index.html#holiday_season_phising_scams_and

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTQ91Nz6pPKYJORa3AQK6rwgAxXL3P+0QY5Dsw4AV4QBEm9SQ5SATeFWk
Wzva57dhDyK2uQ32wRKtYj5jENRkQxz1C5erHgxTiLJSrBbLEBSEm/txw9imTJez
LP7MJGTh3FmuhraWe5msxB/pkv8toYkxi7oYR0RSSiCGnc24vfo5U4LkHQnfZWiB
hUgVPAw+ma+VXGaaRr5yp3SPYW9ydJqhRd5EXTRwvP5tbWrdHfztYDj1dWi77yQ9
J1JoRYsmpc0RxVi1bfffy6tk9SNf9f0aeIOReQtQkr2MY4SoX2s8qkOYqKg69noY
ih/6QppAwvQLVh7Ch458Dw+HOg286A7YtAUradNW4A4k08T3TcldFA==
=8JRK
-----END PGP SIGNATURE-----

Current thread:

Current Activity - Holiday Season Phishing Scams and Malware Campaigns Current Activity (Nov 18)
- <Possible follow-ups>
- Current Activity - Holiday Season Phishing Scams and Malware Campaigns Current Activity (Dec 20)