Is anyone else stressed out about the end of the year, holidays and commitments you have made? I am. I have already committed to parties for work, civic groups, friends and family. I must help my wife with our oldest daughter’s birthday party; or at least let people think I did. Throw in Thanksgiving, school breaks, and shopping and it is no wonder we are all distracted and stressed this time of year. Which makes this time of year the best for hackers and scammers to take advantage of us and our businesses. So, this month I wanted to send our annual PSA on holiday IT security and give you 3 things that you and everyone at your company should be aware of and do/not do in this busy season of celebration and giving.
NUMBER ONE: If you get a shipping notice be sure you had something really shipped to you. The #1 way that hackers/scammers get us this busy season is the old “Your Package has Shipped” notification emails. Many times, if you take 10 seconds you can tell the email isn’t from UPS, FedEx, DHL, or UPSP just by looking at the from email address. But sometimes it looks close enough to miss and then you can catch it from the fact that the language is off from what you expect from the shippers. If that isn’t a giveaway none of the shippers will send you an attachment with the shipping details, at most it will be a link to their site. The attachment is normally the way they get the bad code installed on your machine so don’t open it. If the link in the body doesn’t look right, then go directly to the shippers’ website and use the tools they have there and use the package tracking number you have to track the package. By the way just because you are on an Apple device doesn’t make you immune to all of this. There are enough of you now to make targeting you worth the effort.
NUMBER TWO: Don’t open that E-Card! That funny dancing bear from Aunt Punkin might be just what you need to brighten your day but just like above these are now used to gain access to your system. Many times it is because Aunt Punkin didn’t bother to have a good password on her Yahoo/Gmail/Hotmail account and the hackers have gained access to it and are sending these messages which will really be coming from her. Sometimes they are just using her name and another fake email. The attachment again will be the payload for the malware they want to get onto your system. Just like above these links need to be verified. If you can’t be sure but really need to see the funny dancing bear then go and type the URL of the site into a browser without looking at the link, many times the links are off by only one character and just by typing it from memory you will correct the URL and find it really wasn’t funny dancing bears at all that Aunt Punkin was sending you.
NUMBER THREE: Watch what you stick your card into. Yep the old skimmers are still out there and with RFID cards they can in some cases grab data without even touching you or your card. But most of the time they will attach the skimmer to a high traffic ATM or other self-service card accepting device for short periods of time. It allows you to transact business as normal but captures your card info and maybe records a video of what you type on the key pad. With the new Chips in our cards this is much harder/expensive for them to exploit so it will likely be the older mag swipe machines they are doing it to. If the machine you are using seems “off” you should think twice before putting your card in. Many times, they are attached by not much more than tape or Velcro and can be pulled off. Now I am NOT saying you should pull/break people’s machines but a little tug might be OK.
If you think about these three things you will be much more secure this season and probably have more joy and money in your pocket. You can never go wrong with stuffing someone’s stocking with a little AV/Anti-malware software either. How else do you plan to keep your information and finances safe this busy holiday season? Please do share this article with anyone that you think needs a reminder because if they get infected you might be next.