Computerworld reports that cybercriminals are using phishing scams to rip-off consumers during this holiday shopping season. The bad guys are using spoofing legitimate messages from real companies in order to deceive consumers. The criminals are sending fake shipping confirmations, fake Groupon and Living Social offers and fake social traffic. A common scam is a fake email about problems with a transaction, such as a delivery problem, a canceled order or direct deposit. Cloudmark has reproduced this example of a fake UPS email:
Computerworld quotes Cloudmark engineering director Angela Knox about details of the UPS-based phishing scam. This phishing scam lures recipients into either opening an attachment or clicking on a link to infect machines with malware.
“We’ve seen a number of variants in this campaign, some with attachments, some with no attachments and bad links, all of them personalized to the recipient, and sent from an ever-changing list of fake UPS employees or the generic ‘UPS Customer Services,'” said Knox in a blog post today.
The attached files are actually .zip archives that contain malware, said Knox, while the links lead to compromised or hacker-controlled websites that host attack code.
“With Cyber Monday kicking off the online holiday shopping frenzy, online shoppers should remember to be vigilant about any email message that they receive,” said Knox.
To this advice, we add that you should use the latest version of a reputable security product (such as the products of Trend Micro) and install all the security patches for your operating system and applications. You should be careful. But you need to do more. You need a product that will identify legitimate emails from many of the leading consumer brands. Distinguishing real email from fake email is hard. You need a tool to identify real email. You need eMail ID from Iconix.
Know Who. No Doubt. Use eMail ID.