CERT mailing list archives

Current Activity - Holiday Season Phishing Scams and Malware Campaigns

From: Current Activity <us-cert () us-cert gov>
Date: Thu, 18 Nov 2010 14:33:39 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Holiday Season Phishing Scams and Malware Campaigns

Original release date: November 18, 2010 at 2:17 pm
Last revised: November 18, 2010 at 2:17 pm


In the past, US-CERT has received reports of an increased number of
phishing scams and malware campaigns that take advantage of the winter
holiday and holiday shopping season. US-CERT reminds users to remain
cautious when receiving unsolicited email messages that could be part
of a potential phishing scam or malware campaign.

These phishing scams and malware campaigns may include but are not
limited to the following:
  * electronic greeting cards that may contain malware
  * requests for charitable contributions that may be phishing scams
    and may originate from illegitimate sources claiming to be
    charities
  * screensavers or other forms of media that may contain malware
  * credit card applications that may be phishing scams or identity
    theft attempts
  * online shopping advertisements that may be phishing scams or
    identity theft attempts from bogus retailers

US-CERT encourages users and administrators to use caution when
encountering these types of email messages and take the following
preventative measures to protect themselves from phishing scams and
malware campaigns:
  * Do not follow unsolicited web links in email messages.
  * Use caution when opening email attachments. Refer to the Using
    Caution with Email Attachments Cyber Security Tip for more
    information on safely handling email attachments.
  * Maintain up-to-date antivirus software.
  * Review the Federal Trade Commission's Charity Checklist.
  * Verify charity authenticity through a trusted contact number.
    Trusted contact information can be found on the Better Business
    Bureau National Charity Report Index.
  * Refer to the Recognizing and Avoiding Email Scams (pdf) document
    for more information on avoiding email scams.
  * Refer to the Avoiding Social Engineering and Phishing Attacks
    Cyber Security Tip for more information on social engineering
    attacks.
  * Refer to the Shopping Safely Online Cyber Security Tip for more
    information on online shopping safety.

Relevant Url(s):
<http://www.us-cert.gov/cas/tips/ST04-014.html>

<http://www.us-cert.gov/reading_room/emailscams_0905.pdf>

<http://www.ftc.gov/bcp/edu/pubs/consumer/telemarketing/tel01.shtm>

<http://www.us-cert.gov/cas/tips/ST07-001.html>

<http://charityreports.bbb.org/public/All.aspx?bureauID=9999>

<http://www.us-cert.gov/cas/tips/ST04-010.html>

====
This entry is available at
http://www.us-cert.gov/current/index.html#holiday_season_phising_scams_and

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTOV/eD6pPKYJORa3AQLXlQgAkxX81ICsFNc3BhjKNBUiDDPIb/zT8J3M
0dFQOUc7Ql6AlnBwKozBUnlWhbodUrTUBYa03T2Ux4kRdosEeAI46a9EbIKrPFoa
1wKZ/3d3HaEmdqZBuYaWGVYdH6zaaXR0Kc6oZUZxppnFxiHT+p/7Bjuqy5/FOhoV
T599MBW/wPCAm37R9Y82RtWPiMYKL144kS96qBEDCUuuQ51D+M6BJh18+d85eVtR
tN8O1qrQHg3Y6+IurVqsLawixrVcsmP9ozAdRmg8jQ8zRE552Y6s1dg02mUQYFt9
n91Zq+sRp6cGoooe/7PpXx99HOnOR9R8zfnKmquLYd8qzJiK+bPc3g==
=HMsb
-----END PGP SIGNATURE-----

Current thread:

Current Activity - Holiday Season Phishing Scams and Malware Campaigns Current Activity (Nov 18)
- <Possible follow-ups>
- Current Activity - Holiday Season Phishing Scams and Malware Campaigns Current Activity (Dec 20)