Don't let phishers steal your holiday cheer


During this time of year, delivery services are extremely busy delivering holiday gifts and, after the gift exchanges, shipping gift returns.

These delivery services, whether companies or the U.S. Post Office, often send emails to inform their customers about the status of their packages. This is a helpful service for customers, but it is also a ripe environment for phishing scams.

Phishers send out bogus emails made to look like official emails from these services to trick recipients into supplying valuable information or downloading malware.

For example, security firm Kaspersky Lab detected a phishing email made to look like a DHL delivery confirmation email. The bogus email tells the recipient to fill out a shipment verification form and present it to the delivery person when he or she arrives. Instead, the form delivers malware that can enable an attacker to gain remote access to the infected computer.

Another scam tells the recipient that their package is waiting at the DHL office because the address was illegible. The victim is told to click on a link and enter personal information, such as the person's username and password, along with the tracking number. This has to be done within 48 hours or the package will be returned.

"The data entered on sites like this is certain to end up in the hands of cybercriminals," related Kaspersky researcher Andrey Kostin.

To avoid falling victim to these scams, Kostin recommends that users never follow links in email messages but instead manually type in the URL of the site. In addition, before entering confidential data on a website, check the URLs in the address bar. "If anything looks suspicious in the URL or in the website design, think twice before entering any personal data," he wrote.

And, of course, the Kaspersky Lab researcher advised people to keep their security software with an anti-phishing tool up to date. What would a holiday time blog post be without a promotional plug?

During this holiday season, keep your eye out for phishing scams and practice good IT security hygiene.

FierceITSecurity will be taking a publishing break, although we will be posting stories on our websites next week. Look for the newsletter again in your inbox Tuesday, Jan. 5. Happy Holidays. - Fred, @FierceFred1