Cyber Crimes Thrive During the Holidays

Wisconsin Statewide Information Center gave tips recently to the on how to avoid holiday phishing and online cyber scams. While their detectives are available in the event you experience identity theft or other similar crimes, MPD wanted to prevent the need for their services.

The Center explained that as many consumers choose to buy gifts and services from online retailers, 'malicious actors' will take advantage of the increased volume of online consumers and try to exploit those who are unaware of cyber risks and gain access to their personal information.

The Center urged consumers to remain vigilant when purchasing online. Some of the current threat trends include, but are not limited to:

• Phony profiles on social networking sites such as Facebook and Twitter claiming to be legitimate businesses. These fake profiles will look like their legitimate counterparts but clicking on links in these profiles could allow malicious code to be installed on the victim’s computer compromising the victim’s security and privacy.

• Emails from hotels claiming that a “wrong transaction” has been charged to a credit card. The hotel will claim to offer a refund if the victim downloads and completes a refund form. Unfortunately, the form is embedded with malicious code and downloading it installs malware onto the victim’s computer.

• Emails which are actually phishing scams involving bogus courier services during the holidays. The fake courier will send an email saying there is a package waiting for the victim and ask for personal information in order to retrieve it.

• Non-legitimate websites claiming to have the “hot” gift of the season when most legitimate retailers are sold out. The non-legitimate websites will tempt the victim to order from them when they actually do not have the item and will steal their personal information and charge their credit card.

Preventative Strategies

You can proactively look for emails attempting to deceive users into ‘clicking the link’ or opening attachments to seemingly real websites regarding holidays season ‘deals’. The following represents some best practices to follow, but it is not an exhaustive list:

• NEVER click on links in emails. If you do think the email is legitimate, whether from a third party retailer or primary retailer, go to the site and log on directly. Whatever notification or service offering was referenced in the email, if valid, will be available via regular log on.

• NEVER open the attachments. Typically, retailers will not send emails with attachments. If there is any doubt, contact the retailer directly and ask whether the email with the attachment was sent from them.

• DO NOT give out personal information over the phone or in an email unless completely sure. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them to provide you their name and a call-back number. Just because they may have some of your information does not mean they are legitimate!

Again, be careful when providing any information over the phone. For further information regarding holiday scams, visit: http://www.us-cert.gov/current/index.html#holiday_season_phishing_scams_and.