The issue? This influx of activity online, often times during business hours on a corporate network, is a holiday in itself for scammers and seasoned hackers.
As much as the bosses may not like it, the shopping on Monday is inevitable. So what should employees be mindful of to protect themselves AND the sensitive data on the corporate network?
FortiGuard Labs threat researchers, Guillaume Lovet and Derek Manky offer a few security tips to help you stay safe online.
1. Unsolicited e-mails: While it may be tempting to click on an email link that says, “Great Deal on iPads… 50% off!” Be careful! By clicking on that link, you could be taken to a compromised Website that downloads malware onto your computer. That malware can then be used to capture your computer key strokes, download additional malware, such as fake antivirus applications, or simply turn your computer into a spam generator.
What to do: If a deal looks too good to be true? It probably is. If you’re still tempted, simply place your cursor over the link (without clicking on it) and check to make sure the URL listed is where you were intending to go.
2. Nefarious search engine results: Search Engine Optimization (SEO) attacks (also known as search engine poisoning) typically occur during major events and holidays. This time of year, hackers may use search terms such as “Holiday Sale,” “Christmas bargains,” or “Year End Specials.” When a user clicks on the malicious link, they could be taken to a Website where their computer can be immediately compromised.
What to do: Same with the tip above, check the link before you click. Also, make sure if you do go to the site that the content looks relevant to what you searched for, versus lots of keywords globbed together on a page in random sentences
3. Unknown online retailers: If you discover an online store that’s offering unbelievable specials on holiday merchandise, do some digging to make sure it’s a legitimate store and not a false front that will disappear later that day along with your credit card information. And even if they are legitimate, you’ll want to make sure their site hasn’t been unknowingly compromised by SQL injection or other server attacks.
Compromised websites won’t always redirect you to a malicious site, but often will phish or try to surreptitiously install other forms of malware on your computer, such as Trojans, bots, keyloggers and rootkits, which are designed to harm systems and steal personal information.
What to do: Make sure your antivirus system is up-to-date, as well as intrusion prevention to help guard against these exploits. Without them, you may not even know that you’re infected.
4. Beware of friends sharing unsolicited links: Malicious links don’t always come from spam emails. They could come from your closest friend on Facebook or via e-mail whose machine has been unknowingly compromised. The infected machine may have a botnet that’s been programmed to comb through email or Facebook address books and send malicious links to everyone in them. The message might say, “Hey, check out the holiday sale going on here!” or “This place is have a 50% off Christmas sale!” By clicking on the link you could be taken to a malicious Website that installs malware on your system or phishes for your credit card credentials.
What to do: Use common sense. Does your friend normally update you on when sales come up? If you’re not sure, a quick private message or phone call to ask, “Did you mean to send me this?” could save you from compromising your personal (and corporate) sensitive information.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.