Online Security and Holiday Scams: Be Careful What You Click On

Shopping online is an easy way to take care of the majority of everyone's gift list, but be cautious of any deals that seem too good to be true! The holidays are a popular time for online scammers to try and take advantage of anyone who isn't paying close attention.

US-CERT, a Homeland Security division that monitors cyber threats, has issued an advisory for online shoppers this season. With holiday shopping comes phishing attacks and attempts to infect your computer with malware. Follow these tips to remain safe online during the holiday season:

  • Do not open files attached to emails unless you are sure they are legitimate and were sent by someone you know. Many popular attacks are carried out by mass-sending emails with enticing subject lines that actually contain programs disguised as email attachments. An attachment may even appear to come from a trusted friend if their email address has been compromised and used to send out malicious emails.

  • Avoid emails and social media posts that promise free gift cards or rewards for completing a survey. These are common ways that scammers entice people to click on links, which may lead to imitation sites that will ask for your personal info.

  • Double-check e-card and shipping notification emails to make sure they are legitimate and accurate. The holiday season is hectic, and scammers use this to their advantage by sending out millions of fake emails that claim someone is trying to send you an e-card or that a gift you've ordered has encountered a problem during shipping. These scam emails are copied directly from real notification emails, so it's difficult to tell them apart. Links in those emails may be labeled "" or similar, but will redirect to dangerous sites, so it's always safer to search for the official site of the shipping company, and if it's a notification for something you didn't order, it's likely a scam.

Learn more about what to watch out for in your inbox this season by reading this blog post by the Malwarebytes security company and from US-CERT.

(Image via Perspecsys Photos on Flickr)