Cyber Monday is just one week away and with so many people shopping online, many tactics used cybercriminals to socially engineer users will be more effective than at other times during the year. Spammers and malware distributors have often crafted messages to appear as legitimate messages from the likes of UPS, FedEx, PayPal and many other online shippers and/or retailers. This is such an effective technique, that they use it year round. However, during the holidays these messages can be much more effective. It stands to reason that anyone who is expecting shipping confirmations or payment confirmations will be much more susceptible to these threats and what better time than the holiday season when this is the reality for most people. These messages pose as the real thing but often contain malicious payloads designed to infect your machine.
Here is a look at one of those messages:
Despite the fact that these messages look very believable there are some common elements that should not appear in a legitimate shipping or payment confirmation emails. Frequently these messages will include attachments, which should be a red flag to most people. Additionally, if the message directs you to click on a link, you should at the very least ‘mouse-over’ the link to reveal the true destination. Or better yet… just ignore it and navigate to the company’s website directly in the browser. Of course this is just one form of the multitude of attack techniques that cybercriminals will be using this holiday season so be safe out there.