As expected, the malicious content online is way up with the holiday season. Some things to be aware of:
- Gift card/reward/coupon emails – I see an average of 4 malicious emails for these offers every day in my home email. Many of them try to disguise the links with similar domains.
- Black Friday Sale ad emails, or advertisements on web pages – I have seen where some of these emails are also malicious. If you really want to see what’s on sale at a company, go directly to their website and do not fall for clicking links in emails or clicking ad’s on pages.
- An increased number of websites are asking visitors to allow or approve ‘notifications’ – these permissions are disguised as prompts with an OK button, some are disguised as CAPTCHA requests. There are some questionable firms paying site owners to install their notification scripts which they then resell to scammers. If you get popups asking for you to click something from a website, it is best to kill your browser and do not go back. KrebsOnSecurity has an article describing how malware infections have occurred from these notification paths.
- Chrome is under active attack for the vulnerabilities found earlier this month – If you use Chrome at home, please be sure it is up to date. Of course, it is best to make sure all of your software is up to date, including your operating system.
- When shopping online, it is best to use a trusted payer with multifactor authentication such as PayPal instead of providing your card info to the company you are buying from.
Daniel Weatherly
Director of Security Services
Mainstream Technologies Inc.
501-801-6706