
ScottWright
Group Administrator

Subject: Christmas shopping spam - (i.e. "Your Order ...")
Risks in the News
posted by ScottWright on Sunday, November 30th 2008 @ 7:00 PM

With the increase in online shopping that most of us are doing for Christmas, it's worth reminding everyone that spammers like to inject themselves into the stream of email messages you might be expecting to get.

What's the problem?

After you've put your order in to online merchants such as Best Buy or Amazon, it's not unexpected to get a confirmation email, and not out of the question to get an email with a note that says there was some kind of glitch in your order. Since these are not common, you may not know what a legitimate email should look like in such a situation.

The problem, therefore, is that a spammer has a good chance of getting you to click on a link to investigate a problem with the order. The main risk is in getting you to visit a dangerous site that can cause a program to download, either automatically (if there is a vulnerability in your browser), or by telling you that you need a "Flash upgrade" or something similar - requiring you to click "OK" to let the program load onto your computer. This can cause your computer to become a "slave" in a "botnet" that can be used to attack other computers on your network or anywhere on the Internet.

You may also be taken to a "fake" site that looks like your merchant, and they ask for your username and password - or possibly other personal information to "verify your account". This can often lead to your identity being stolen.

What is the safest course of action?

As with most spam and phishing risks, you need to be careful with handling email messages.

  1. Turn off "image loading" in your email program.
  2. Turn off "preview" in your email program that causes messages to be displayed.
  3. If (1) and (2) are done, then you can open a suspicious email, and try to look at the "From" email address - if it is suspicious, don't go any further. Tag it as "Junk", and close it.
  4. Check links in the email body (NOT by clicking on them) by "hovering" your mouse over them to see if the "real" link URL pops up. If it doesn't match and doesn't represent the real merchant, close the message and tag it as junk.

Be alert when you get any email purporting to be from online merchants, not just at Christmas, but all year 'round.

________________________________
Scott Wright
The Streetwise Security Coach

Would your organization be interested in obtaining the right to use my lessons or articles in your enterprise security awareness program? Please email me at the address below...

Email: scott@streetwise-security-zone.com
Twitter: http://www.twitter.com/streetsec
Phone: 613-693-0997
Podcast: http://www.streetwise-security-zone.com/podcast.html