Tuesday, December 18, 2012

Tis The Season - Holiday Spams and Scams

   We have always had the need to be careful online. We always have to be aware of what sites we are visiting and what apps were using. I've written about this in my series on Online Self-Defense.

   But at this time of year you have to be even more careful. The amount of online trouble increases. Your volume of work may increase, you're often stressed during the holidays and may not pay as much attention to what you're doing online.

   There are also many e-cards and "cute" pictures and videos that have to be shared.  This, and other information, floods our inboxes, social media timelines and chat/text lists. Many of these have links. And unfortunately, far too many of these links go to malicious sites.

   Here's a great list of some common holiday spams/scams. Here's another.

   But what to do about it?  I provided some good general advice in the Online Self-Defense series. But here are some thoughts on things to do to help avoid online holiday scams:

(I usually start my lists with 3 easy tips... but the most important thing you can do is not necessarily easy)

1. Stop and Think before you Click. That's not easy when you're caught up in the stress of the holidays. But that's why it's even more important to take a few deep breaths and think before clicking on that link. I covered the issue, and some strategies, in a previous post.

2.Use care with shortened URLs and QR codes, especially on your smartphone. These days it's all about minimal typing - think text messages or Twitter. One way to cut down on characters but still share info is to use link shortening. In fact, you may have gotten to this post using a shortened link from my Twitter feed (view and follow me here). The problem is that you can't tell anything about the shortened link just by looking at it. Some of the link shortening services provide some minimal protection. The best protection is to use a link lengthening tool like Long URL Please combined with a link rating tool like WOT (Web of Trust). This is tougher on your smart phone so considering how you got the link and the context, as I've covered, is key.

QRCode   QR codes add a whole new dimension (pun intended!) to the challenge. QR codes are 2-dimensional bar codes. Steve Gibson did a great in depth explanation of this technology in his latest Security Now! podcast episode. You scan the QR code with your smartphone camera and are taken to a link. Usually you find these codes associated with legitimate sources like ads, posters, store displays, product displays, etc. (good context). But, in some cases, scammers place sticker with a QR code pointing to a malicious website over a legitimate QR code! It's difficult to visually verify a QR code but there are tools, including Norton Snap, that can help test QR codes before sending you to a potentially malicious website.

3. Be careful with attachments, chain letters and e-cards. These are mostly email issues. Attachments to emails can contain viruses - are you expecting that attachment? Chain emails waste everyone's time - no, nothing bad will happen to you if you break the chain... and continuing the chain will not bring you prosperity! e-cards can be attachments or links, and we've covered both those topics.

   What are "interesting" holiday scams you've seen? What are your favorite scam avoidance tips?

   Whatever holidays you celebrate, I hope they are enjoyable and safe!

No comments:

Post a Comment