CERT Warns of Holiday Phishing and Malware Campaigns

Tuesday, December 06, 2011



With the holiday season upon us, US-CERT has re-issued a general advisory for consumers and businesses alike to be wary of a potential surge in phishing scams and malware infection campaigns.

Phishing is a form of social engineering employed by criminals through any number of methods, most commonly through unsolicited phone calls or with bogus emails mocked up to look like official communications complete with logos and email addresses similar to those of the legitimate entities they seek to impersonate.

Malware refers to "malicious software" used to infect systems for nefarious purposes such as data exfiltration, account credential harvesting, browser redirects, and other forms of computer attacks.

Users should be aware of these threats on a year-round basis, but should also exercise increased vigilance during the holiday rush, as cyber criminals seek to capitalize on the increase in online retail activity and the general chaos of the holiday season.


As the winter holidays are quickly approaching, US-CERT is republishing this entry to increase awareness.

In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the winter holidays and holiday shopping season. US-CERT reminds users to remain cautious when receiving unsolicited email messages that could be part of a potential phishing scam or malware campaign.

These phishing scams and malware campaigns may include but are not limited to the following:

  • electronic greeting cards that may contain malware
  • requests for charitable contributions that may be phishing scams and may originate from illegitimate sources claiming to be charities
  • screensavers or other forms of media that may contain malware
  • credit card applications that may be phishing scams or identity theft attempts
  • online shopping advertisements that may be phishing scams or identity theft attempts from bogus retailers

US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:

  • Do not follow unsolicited web links in email messages.
  • Maintain up-to-date antivirus software.
  • Verify charity authenticity through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.

US-CERT is the operational arm of the National Cyber Security Division (NCSD) at the Department of Homeland Security (DHS), and its stated mission is to improve the cybersecurity posture of the nation as a whole.

Source: http://www.us-cert.gov/current/index.html#holiday_season_phishing_scams_and

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.