The Twelve Scams of Christmas Revisited
Greetings and Happy Holidays ,
In this season, the time is right for the scammers to peek out from behind the mistletoe and catch all those bad little cyberusers who are not careful. Do not let them turn your holiday into piles of switches and lumps of coal. Be even more on guard for those evil little spoilers.
The security company McAffee has broken down a list of the twelve scams of Christmas. You can find a posting of that article at this website (http://www.foxnews.com/story/0,2933,576358,00.html).
Examining this list, we can basically see a couple of categories which I will briefly discuss:
Information Harvesters – Phishing, charity sites, identity theft, fake job and auction websites, and other scams are designed to take personal information and use if for purposes of fraud or robbery. A full 8 of the 12 listings fit into this category. These all rely upon social engineering to trick you into giving up seemingly harmless information. NO information is completely safe to give out – some sites use data such as mother's maiden name to help establish identity. In conjunction with other personnel data, identity thieves can convince companies they are you. With so much business done online these days, it could be a while before the fraud is discovered. Protect this resource just as you would protect your wallet. You may be doing just that.
Malware Installers – The remaining four scams fall into the category of malware installers. The creators attempt to trick you into opening an email attachment which then offers to install something on your system. Any offer to install something should signal warning bells. Many of these items are tempting – holiday greeting cards, requests to join friends on a social networking site such as Facebook, or some cute holiday movie clip are all examples. Once these attachments are opened, they install software that does very bad things to your computer. Some applications can steal passwords and login information sending it to the bad guys. Other software can take control of your computer and make it send advertising messages to other users. Still other software can steal or damage your files removing data and destabilizing your entire computer system. The easiest way to deal with this problem is not to get infected in the first place. Anything that looks suspicious is not to be trusted.
Things you can do to help prevent problems:
Paranoia does not mean they are not after you – the first step in any battle is recognizing who is the enemy. Be suspicious. Be careful. Be ready. They will come knocking.
Research is not just for researchers – When faced with an unknown file or request, go to the Internet and Google search the problem. Use the name of the file or several of unique words that are found in the messages as search terms. Usually people have posted about the problem and you can quickly find out the risks. If you are having the problem, someone else likely is having it too. Find out how they handled it.
Lock and load – Make sure your system updates are installed. These often include security patches to remedy against scams or malware problems like those we are discussing. Make sure your antivirus software is installed and up-to-date.
Trust after verifying – If you get a request from a friend to join some service or network, do not blindly assume they sent it. Check with them directly. If they confirm, you can be more relaxed. If they did not send the request, you should trash it.
Click at your peril – Email can contain attachments of many kinds and not all of them are safe. Look at those attachments. Any that have an exe at the end are software programs and can potentially do bad things. Be especially wary of these.
This club only lets in cool people – never make the mistake of thinking that anything that makes it through the University email system or the Google email system or the Yahoo email system, etc. is safe. Plenty of new threats appear all the time and not all systems catch all of them immediately. The brand new ones are called “Zero-Day Threats” because they appear without warning giving everyone zero days to prepare.
Deep six the stowaways - lookout for any new software that installs on your computer. Any offers to install software should be regarded with care. Do not haphazardly add things to the system just because they are offered. Uninstall those things unneeded or unrecognized.
Movies were safer in theatres – be careful when receiving video clips. Most legitimate video clips can be played using Quicktime, Windows Media player, or Adobe Flash. Install these applications on your system and refuse those video clips that do not fit into these players. Most legitimate videos will use these players. Scammers attempt to con you into installing their “special player” which is nothing more than malware. On top of that, you usually do not get to see your movie either. One other point: be careful if some site offers to update your media or Flash player. Only update these players from the proper website to ensure some scammer does not try to offer you something disguised as something else.
Give until it hurts – In this time of economic depression, there are so many more people in legitimate need. This makes it a prime opportunity for a scammer to prey upon the good wishes of those who are compassionate to the plights of others. Plenty of emails will reach the inbox asking for donations. Remember that email is NOT a trusted mechanism for information exchange. Any good scammer can send out mail impersonating anyone else. To donate, go to the recognized website for the charity and use their online secured form – all of them have these. Look up the legitimate website and pay by credit card. Credit cards offer protection for online fraud. These steps will help ensure that the needy, not the greedy, get your gift.
Carpe Diem! - If you get offers that say you have to do something immediately, they are likely trying to get you to act rashly. Even online sales have a window of opportunity. A scammer wants to act fast and move on before he is caught [or captured].
Hopefully, a few of these tips may come in handy this holiday season. We wish everyone a joyous and safe holiday season both online and off.
Thank you for your patient attention to an unusually lengthy posting.
Senior IT Specialist
University Computing Center
The University of Louisiana - Monroe
200 University Ave - Strauss 157
Monroe, LA 71209