Security Researchers Warn Of Christmas Related Scams And Malware

Security researchers are warning online users that scammers and cybercriminals have ramped up the number of emails, text messages and social media posts used to spread scams and malware during the holiday season.

McAfee has issued it's 2012 edition of its 12 scams of Christmas list which features several approaches that aren't entirely new, but are rather new versions of some of the same old scams. These include social media scams utilizing channels, like Facebook and Twitter, malicious mobile apps, traditional phishing emails and even a new approach to instant messaging scam that targets Skype users.

As social media has grown so to have the numbers of scams targeting users. McAfee warns that users of Facebook and Twitter need to be extra cautious when liking Fan Pages, clicking on fake alerts from friends’ accounts that have been hacked, taking advantage of raffle’s, ads and deals that you get from “friends,” or installing suspicious “holiday deal” apps. Fake fan pages and app can be used to give your private data away or even target you for more dubious phishing attacks.

Smartphone are also a growing segment being targeted by scammers. Malicious Mobile Apps are becoming more prevalent as smartphone users are becoming more app crazy. To date there have been over 25 billion apps downloaded for Android devices alone! But as the popularity of applications have grown, so have the chances that you could download a malicious application designed to steal your information or even send out premium-rate text messages without your knowledge. Consider this: A recent study found that 33% of apps ask for more information than they need, such as access to your contacts or location.

Apps alone aren't the only risk smartphone users face. “SMiSishing” or phishing via text message is just like its email counterpart. Scammers send out official sounding/looking SMS Text messages to temp victims to reveal information or performing an action you normally wouldn’t do. This could be anything from logging into a fake account to verifying personal details and information.

Security researchers from Symantec are warning about a flood of the traditional email phishing scam "You Have Received a Christmas Card". A large number of emails have been intercepted by the security firm that follow the traditional greeting card scam that uses a legitimate looking "You Have Received a Christmas Card" email to trick users into download a malicious file for visit a malicious site.

These E-Cards type scams are nothing new having gained popularity several years back when E-Cards became a popular way to send a quick “thank you” or holiday greeting. While most e-cards are safe, some are malicious and may contain spyware or viruses that download onto your computer once you click on the link to view the greeting. Others ask you to click on an attachment to view the card, and then download a Trojan onto your machine. Users need to stay vigilant and pay close attention to the links contained in the email and the "from" line to make sure it is actually from a known source.

Tip: How to Protect Yourself Against Scams During the Holidays

1. Stay suspicious—Be wary of any offer that sounds too good to be true, and always look for telltale signs that an email or website may not be legitimate, such as low resolution images, misspellings, poor grammar, or odd links.
2. Practice safe surfing—Find out if a website is potentially dangerous before you click on it by using a safe search plug-in such as McAfee SiteAdvisor. SiteAdvisor uses easy-to-read red, yellow, and green check marks to rate websites when you search for them.
3. Practice safe shopping—Stick to reputable e-commerce sites and look for a trustmark that indicates that the site has been verified as safe by a trusted third-party, like the McAfee SECURE™ mark. Also, look for a lock symbol and  “https” at the beginning of the web address (as opposed to just “http”) to see if the site uses encryption to protect your data.
4. Use strong passwords— Make sure your passwords are at least eight characters long and contain a variety of letters, numbers and characters that don’t spell anything. Avoid using the same password for your important accounts, and never share your passwords with anyone.
5. Be careful when clicking—Don’t click on any links in messages from people you don’t know, and if you come across a shortened URL, use a URL expander to see where the link is directed to before you click.
6. Use a comprehensive computer security— You need complete protection that includes anti-virus, anti-spyware, anti-spam, and a firewall and make sure it is up to date. Online security and safety protection, such as McAfee All Access, can help protect all of your devices – PCs, Macs, smartphones and tablets – from holiday-related malware, phishing, spyware, and other common and emerging threats.
7. Educate yourself— Keep up-to-date on the latest scams and tricks cybercriminals use so you can avoid potential attacks. You can find helpful information on the McAfee Blog and the McAfee Advice Center.