Holidays and calendar-based events are opportune times for hackers to get us to click on bogus links. We are busy and in a hurry to get it all done. We want to track shipping of online purchases, take advantage of special email offers, and check out a holiday e-greeting card sent by an acquaintance on social media. Don’t be so quick to click on anything sent in an an email, whether it is web address, tracking confirmation, coupon, or e-card, even if it looks kosher.
This week, we picked up a large URL (malicious website) malware set. 1,251 new malware sites have been blocked by iGuard. Most of these URLs follow a predictable pattern of a .com followed by a dash and two letters and two numbers and then .net. Cyber criminals try to trick people into visiting legitimate looking counterfeit URLs, which follow the normal convention with a slight variation, often difficult to see. All of these sites are Trojan droppers based on weight loss programs.
From the ePrism side, Christmas shopping scams are topping the charts. We blocked 1.4 million emails linking to a spoofed Amazon site that looks real enough to convince unsuspecting users to enter login credentials–something like www[dot]AmazonHolidayDeals[dot]com. Other campaigns direct recipients to paste links into their browser. Antivirus filters often deactivate links inside emails, and spammers will direct users to copy paste a URL into a browser if clicking on the link doesn’t work. If the user does this as instructed, they are directed to a website that could launch malware into the user’s computer.
This holiday season, keep in mind what you click. Scammers will play the Grinch to your Whoville if you are not careful.