Staying Safe from Online Threats This Thanksgiving
This year, we found several spammed emails that use Thanksgiving as their subject. One email leads to a site that offers bogus protection plans. Other spam emails contain lottery schemes that invite users to try them out in order to "win" something on Thanksgiving. Once clicked, the user will be directed to another scam website.
Another email pretends to be from a popular U.S. retailer. The email leads to a site that offers Amazon gift cards—but only after recipients answer survey questions. These sites, called survey scam sites, ask users a series of questions with little to no payoff for their answers and time. The sites also request for personal information, which scammers can use for other schemes.
The threats this year aren’t limited to spam. We also encountered malicious sites, this time related to Black Friday. The site offers deals for big-name brands for the upcoming Black Friday sale. In order to participate, users must submit their email address. Email registry or clicking any of the brands triggers the download of a joke program or joke malware. Admittedly, joke programs are relatively harmless but they can still annoy users.
Every year during Thanksgiving, people look forward to filling their bellies with wonderful supper, dessert, and the warm company of family and friends. It's also the time of year when people start combing the Internet for early Black Friday and Cyber Monday bargains. Like eager shoppers, cybercriminals are also preparing to pounce on users who could fall into social engineering lures via spam mail, phishing, click fraud, and other malicious offers.
With all the glitz and glamor the shopping holidays bring, people are inclined to dive into the frenzy and convenience of online shopping. Because of this, cybercriminals are increasingly tricking unknowing users with various online threats, and sadly, a lot of users fail to realize when they’ve fallen for threats hiding under layers of guises.
This year, we found commercial spam email that uses a fake Thanksgiving Day message as bait to lure the user to click on an embedded link. This will then lead the victim to a site with a bogus protection plan offer. Other spam emails contain lottery schemes that invite users to try them out in order to "win" something on Thanksgiving. Once clicked, the user will be directed to another scam website.
Regardless of the season, cybercriminals are always on the lookout for new victims to steal money from. However, attacks become more rampant during the hectic holidays as shoppers become less mindful of their buying habits when they’re overwhelmed with the abundant holiday offers. In light of all the previous spam incidents, users must exercise more caution when shopping online. Here's how to avoid becoming a victim of such threats:
- Always bookmark your trusted shopping sites. Relying on search engine results could lead you to threats that lurk in Blackhat SEO-driven ads, including malicious sites.
- Ignore dubious offers you see in emails especially when you don't recognize the source. Opening malicious links could eventually lead to system infection.
- Install a security solution. Security software can protect you from attacks that could arise while shopping by blocking malicious websites. Make sure that you update your software regularly, and schedule regular scans.
- Beware of unbelievable offers. Outrageous online ads lead users to malicious sites, phishing pages, including adware. If you see ads that seem too good to be true, they probably are, so it’s best to avoid them altogether.
- If you’re an avid online mobile shopper, it’s wise to use an official online shopping app as these allow more secure transactions.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases