Threat Intelligence Blog

Posted November 23, 2016

Thanksgiving is here and we all know what that means – the holiday shopping season is in full swing. It’s likely your inbox has already been flooded with holiday discounts and the occasional “too good to be true” deal. With so many things on everyone’s to-do lists this time of year, it can be easy get caught up and forget security basics when shopping online.

Keeping this in mind, here are some things to look out for while you are online shopping this holiday season:

  • Fake Invoices/Shipping Notifications: Your shopping list is probably full of gifts to get for family members and friends, and sometimes it can get confusing keeping track of all the places from where you’ve made purchases. This is complicated even further when family members share accounts (think Amazon Prime). If you receive an invoice or receipt that you don’t recognize, check your credit card statement and/or with the other family members with whom you share the account. If you receive an email from a shipping company or anyone claiming to have invoices or receipt of packages, visit the company’s website to confirm. You can also call the shipper directly to see if the email is real.
  • Malvertising: Be cautious of clicking on online ads, especially those with promotions that seem too good to be true. Malware-laden ads are often near-exact copies of the original legitimate ad, so it’s hard to know what ads are safe to click. Malicious ads can be served via plug-ins, pop-ups, banner ads, and links in text ads. Lower your chances of falling for malvertising by disabling plug-ins and using ad blocking software/extensions and pop-up blockers.
  • Public WiFi Access: We’ve heard for some time now that threat actors are taking advantage of free public WiFi. This comes into play during the holidays when we’re on the go and often online shopping in public places, using free WiFi. When connecting to free WiFi, always ask an employee at the location for the official WiFi name.
  • Social Media Scams (giveaways, fake gift cards, and cyber deals): Fake gift cards targeting Amazon, Apple, Wal-Mart, and other retailers are rampant during the holiday season and quite common through all sorts of social engineering techniques. Be cautious if you receive offers for gift cards, credit card purchase receipts, airline ticket confirmations, and greeting cards. If it’s too good to be true, it probably is. The safest place to buy gift cards is directly from the retailers and ask for cards kept behind the counter as opposed to on a large end-cap or public display.
  • Fake Charities: Cyber criminals take advantage of consumers’ generosity during the holiday season and often lure consumers in with bogus charities asking holiday shoppers to donate money by misusing the name of a genuine organization or making up their own. These campaigns are often launched via social media in an attempt to attract larger audiences and are aimed at consumers looking to do good for the community while in the midst of their holiday shopping sprees.

We hope pointing out some of the ways you can be taken advantage of online will help you to identify and not be a victim of scams in the future. Feel free to share these online shopping tips with family and friends!

Additional Posts

Weekly Phishing Activity: November 28, 2016

The following data offers a snapshot into the weekly trends of the top industries being targeted by ...

Weekly Threat Intelligence Brief: November 22, 2016

This weekly brief highlights the latest threat intelligence news to provide insight into the latest ...