Home page logo

cert logo CERT mailing list archives

Current Activity - Holiday Season Phishing Scams and Malware Campaigns
From: Current Activity <us-cert () us-cert gov>
Date: Tue, 20 Nov 2012 11:10:45 -0500

Hash: SHA1

National Cyber Awareness System

US-CERT Current Activity
Holiday Season Phishing Scams and Malware Campaigns

Original release date: November 20, 2012
Last revised: --

Since the winter holiday are quickly approaching, US-CERT is
republishing this entry to increase awareness about phishing scams and
malware campaigns.

In the past, US-CERT has received reports of an increased number of
phishing scams and malware campaigns that take advantage of the winter
holidays and holiday shopping season. Users who are new to making
seasonal online purchases are encouraged to take care and use safe
online shopping habits. US-CERT reminds users to remain cautious when
receiving unsolicited email messages that could be part of a potential
phishing scam or malware campaign.

These phishing scams and malware campaigns may include but are not
limited to the following:
 * electronic greeting cards that may contain malware
 * requests for charitable contributions that may be phishing scams and
may originate from illegitimate sources claiming to be charities
 * screensavers or other forms of media that may contain malware
 * credit card applications that may be phishing scams or identity theft
 * online shopping advertisements that may be phishing scams or identity
theft attempts from bogus retailers
US-CERT encourages users and administrators to use caution when
encountering these types of email messages and take the following
preventative measures to protect themselves from phishing scams and
malware campaigns:

 * Refer to the Shopping Safely Online Cyber Security Tip for more
information on online shopping safety.
 * Do not follow unsolicited web links in email messages.
 * Use caution when opening email attachments. Refer to the Using
Caution with Email Attachments Cyber Security Tip for more information
on safely handling email attachments.
 * Maintain up-to-date antivirus software.
 * Review the Federal Trade Commission's Charity Checklist.
 * Verify charity authenticity through a trusted contact number. Trusted
contact information can be found on the Better Business Bureau's
National Charity Report Index.
 * Refer to the Recognizing and Avoiding Email Scams (pdf) document for
more information on avoiding email scams.
 * Refer to the Avoiding Social Engineering and Phishing Attacks Cyber
Security Tip for more information on social engineering attacks.

Relevant URL(s):







   Produced by US-CERT, a government organization.

This product is provided subject to this Notification:

Privacy & Use policy:

This document can also be found at

For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html

Version: GnuPG v1.4.5 (GNU/Linux)


  By Date           By Thread  

Current thread:
  • Current Activity - Holiday Season Phishing Scams and Malware Campaigns Current Activity (Nov 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]