Another year is almost gone and it seems that time is accelerated when December begins. Before you know it you’ll be out of time for shopping in time to get gifts delivered for winter holidays. Even though you may feel rushed, it is important to stay attentive when you are online.

I expect that there will be a surge in phishing attacks designed to take advantage of the panic factor. You get an email that says something to the effect that there is suspicious activity on your account or that your account will be closed if you don’t update your information, and so on. It may be a PayPal account, a bank account, a credit card account, or even an email account. You panic… I can’t have that account closed now, I have to shop, shop, shop!!!

Stop, Stop, Stop!!! Do not click on that link in the email. Do not send your name and password. These are all phishing attacks. If the email was legitimate you could simply type www.paypal.com or www.amex.com, or whatever it is into your browser and log into your account there to see if there is a problem. You can call your bank.

If you use PayPal you might want to check out their security center and take their phishing test at https://www.paypal.com/fightphishing. They even get four out of 5 answers correct. They incorrectly asserted that “Phishing is a form of fraud designed specifically to steal your identity.” Phishing can be about identity theft, but contrary to their claims, it isn’t always about identity theft… sometimes the crook just wants your money or your online gaming account, etc. The other four questions in the quiz you should be able to get right, and if you don’t, then you need the education!

It is best never to use a link in email to access your PayPal account, even though PayPal ignorantly does include links in their legitimate emails, never use a link in an email about your PayPal account. It is a really simple rule to follow and keeps you from clicking on the links in PayPal phishing attacks as well.

Are you having problems finding some special item? All of the sudden some web site says they have limited stock for what you are looking for, but you have never heard of this web site before. Perhaps it is even at a “too good to be true” price! Do a little research. Try typing in the name of the company with the word scam and the word complaint in a Google search. For example:

http://www.cambridgewhoswho.com scam complaint

Look at see what comes up. It is even better if you know somebody who has had good results with a merchant. There are going a lot of bogus websites trying to steal your money.

Beware of your search results. If you are searching for the “Nerf N-Strike Stampede Blaster” the bad guys know it and are trying to make sure that their evil web pages come up in your search results. Pay attention to the web site you are going to. If you see something that says you need to install software or update software, get out of there. Do not click on anything on that web page and close your browser right away. If you land on a web page and it starts “scanning your computer” it is a hoax. Close your browser immediately.

Stay calm, stay safe, and have a happy holiday season!

Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center – ESET LLC