With the increase in online services, especially during the holiday season, cybercriminals increase their online fraudulent activity with the aim to gain consumers’ personal information and cause them financial damage. Moreover, during holiday season, online customers choose to buy goods and services from online retailers. Cybercriminals make use of this opportunity exploit those who are unaware of cyber risks and successfully gain access to their personal information.
Hence, this holiday season, US-CERT reminds online users to be extra cautious when browsing online. Hackers make use of various methods such as phishing emails, fake advertisement and phony websites to attract online shoppers.
Phishing emails may contain malicious links; moreover, fake advertisements may also deliver malicious attachments. Users unknowingly click on malicious advertisements and invite malware on their devices. However, fake e-mail messages and fraudulent posts on social networking sites may request support for phony causes.
To avoid such scams that lead to security breaches, identity theft, or financial loss, US-CERT encourages users to take the following action:
- Approach similar content with caution. Do not follow unsolicited links or download attachments from unknown sources.
- Refer to our security Tips to learn more about Shopping Safely Online, Avoiding Social Engineering and Phishing Attacks, and Protecting Personal Internet-Enabled Devices.
- Visit the Federal Trade Commission’s Consumer Information page on Charity Scams for more information on this subject.
If you believe you are a victim of a Holiday Phishing scam or Malware campaign, consider the following actions:
- File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
- Report the attack to the police, and file a report with the Federal Trade Commission.
- Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
- Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.