Increased Online Shopping and Increased Malicious Email Threats

As usual, online shopping website are discounting for year ends after ThanksGiving Day, Black Friday and Cyber Monday.
As a result, spammer also launch spam campaign to find the victim via online shopping.

Below are guide for "How to stay safe" at online and "Best practices for avoiding email scams".

How to Stay Safe

An important skill to stay safe online is how to identify fraudulent domain names used in malicious links in emails. Scammers will usually try to deceive end users by disguising the true second-level domain, by prepending legitimate, familiar names to the beginning of hostnames. Appearing to come from a legitimate sources, the malicious email will contain links to sites that host exploit code with the hope that the user have unpatched systems and vulnerable web browsers, and the goal of compromising the user's system. Other attack vectors come directly in email attachments--word docs, executables, and other infected files.

Best practices for avoiding email scams

- Never click on links in emails without thinking about it carefully.
- Authenticate the sender: Is the sender truly who they say they are? Do I recognize and trust the sender?
- Educate end users on how to hover over links in emails to identify the real domain name in the email from address, as well as in any links in the email body.
- If there is any doubt about the authenticity of this domain name? Taking the example above, customer_service@amazon.com--0123-xyz.malicious-site.com. Is this domain in the sender's email address, malicious-site.com, owned by Amazon or by someone else? (The easiest way is just to go to amazon.com and take care of any notifications or required actions by first logging-in to the site directly, rather than clicking on links in emails.
- For users that are unable to identify domain names in links and email addresses, advise them never to click on a link sent in an email, but rather to open the site in a browser by typing manually in the address bar to ensure that they are going to the legitimate site.
- Always report suspicious emails to your Security Administrator, or directly to the site being spoofed. If in doubt, ask before clicking.
- Never open file attachments from unknown/untrusted sources.
- Stay up-to-date with software patches for Operating Systems, web browsers and all other software on the computer.
- Install and keep up-to-date host-based, and network-based Gateway Anti-Virus, and Intrusion Detection systems.

That's all for general security guide lines for end users and for IT professional who need to care security of organization.

Hope it may useful for some.

Have a good time.
(Be knowledgeable, pass it on then)

Post a Comment