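The holidays mean overeating, overspending and, if you're not careful, oversharing financial information with cybercriminals.
With the holidays approaching, retailers across the country are ramping up their advertising efforts for the busiest shopping season of the year. With consumers having spent nearly $18 billion online on Black Friday over the past two years alone, the holiday shopping season is one of the most lucrative times of the year for retailers.
But retailers are not the only ones chasing holiday spending revenue.
The shopping season is also one of the busiest times of the year for cybercriminals, who view the holiday season as a prime opportunity to cash in on consumers who let their guard down due to increased holiday stress and shopping volume.
While the packaging of the scam may differ, here are some of the top cyber threats to watch for this holiday season.
Amazing Deals
If a deal seems "too good to be true," that is usually a warning sign of a scam, but this old adage may not ring true during the holiday season when consumers are expecting large sales and discounts in line with Black Friday and Cyber Monday specials.
A 75-inch flat-screen TV for $100? A $500 recliner for only $50?
Under normal circumstances, no one in their right mind would believe these offers are real, but on Black Friday or Cyber Monday, consumers may see a legitimate deal rather than an obvious scam.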
This is the exact mentality threat actors prey on to get consumers to click their way to fraudulent websites and provide personal and sensitive financial information.
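Expert tip: During and after the holiday sales season, be skeptical of all deals and don't let your guard down even if you're on a well-known retailer's website shopping for toys for your kids. It's not worth having your credit card information stolen.
Shipping and Payment Scams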
One of the fastest growing scams in recent years involves fraudulent communications regarding shipping or payment issues. Scammers simply send a text or email or pick up the phone to notify their target that a recent purchase has been declined or there is a shipping issue on a recent purchase.
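In many cases, scammers imitate large retailers like Amazon or FedEx with the hope their target recently ordered something online or made a shipment, both of which are highly likely during the holidays.
The scammer will offer to resolve the issue, which normally involves the target providing credit card information or clicking on a link to an imposter website loaded with malware.
The good news is, for people who remain vigilant, these scams are fairly easy to spot. Here are some of the more common warning signs to look for:
- Unexpected and urgent requests for money in return for delivering a package
- Requests for personal and/or financial information
- Links to misspelled or slightly altered website addresses, such as look-alike variations on a FedEx ".com" address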
- Spelling and grammatical errors or excessive use of capitalization and exclamation points
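- Certificate errors or a lack of online security protocols for sensitive activities
Expert tip: Avoid clicking any links or providing information in response to unsolicited communications. Remember, you can always review your receipts for tracking numbers or contact the retailer directly if you have concerns over payment or shipping status.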
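The "misspelled or slightly altered website address" warning sign can also be checked automatically, for example in a mail filter. The following is an added example, not part of the original article; the brand list, the character-swap table and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: brands to protect and their real domains (the article names Amazon and FedEx).
TRUSTED = {"fedex": "fedex.com", "amazon": "amazon.com"}
# Character swaps commonly seen in look-alike names (illustrative, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance, computed with two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Return 'trusted', 'lookalike:<brand>' or 'unknown' for one URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Simplification: the last two labels stand in for the registrable domain
    # (a production check would consult the Public Suffix List).
    registrable = ".".join(labels[-2:])
    if registrable in TRUSTED.values():
        return "trusted"
    for label in labels:
        norm = label.translate(SWAPS).replace("-", "")
        for brand in TRUSTED:
            if brand in norm or edit_distance(norm, brand) <= 1:
                return f"lookalike:{brand}"
    return "unknown"

def scan(text):
    """Map every http(s) link found in a message to its verdict."""
    urls = re.findall(r"https?://[^\s<>\"']+", text)
    return {url: check_link(url) for url in urls}

# Constructed sample message; the .example hosts are reserved names, not real sites.
SAMPLE = """URGENT!!! Your package is on hold. Pay the delivery fee now:
http://fed-ex.example/pay or https://fedx.example/track
Problem with your order: https://amaz0n.example/login
Genuine tracking page: https://www.fedex.com/tracking
Newsletter: https://news.example/holiday"""

if __name__ == "__main__":
    for url, verdict in scan(SAMPLE).items():
        print(f"{verdict:18} {url}")
```

A "lookalike" verdict means a brand name appears in, or is one edit away from, a host that is not the brand's own domain; "unknown" only means no brand resemblance was found, not that the site is safe.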
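Imposter Charities
The holidays are also a season of giving, with many charitable organizations receiving an influx of donations during November and December.
In fact, the Tuesday after Thanksgiving is now known as "Giving Tuesday," which began in 2012 to promote charitable giving during the peak retail season.
Unfortunately, but not surprisingly, scammers have used the spirit of giving as an opportunity to pad their pockets through the creation of fraudulent charities.
Whether they are imitating a well-known charitable organization or fabricating one like "The Human Fund," the concept is simple: ask for donations and keep all the money. In recent years, these imposter charities have asked for cryptocurrency or, even worse, stolen financial information by imitating legitimate online donation portals.
If you are interested in donating this holiday season, the Federal Trade Commission offers consumer guidance on how to donate safely to charities.
Expert tip: Be careful with charity requests that sound urgent, contain links or send you to a website that requests financial information.
Social Media Scams
Another popular holiday shopping trend is "Small Business Saturday," which promotes support for small businesses in local communities.
With a growing number of small businesses using social media as an extension of their ecommerce ecosystem, it is no surprise that social media scams are common during the holidays.
In addition to ecommerce, social media is filled with advertisements from national retailers and is a primary channel for crowdsourced fundraisers, such as GoFundMe.
As easy as it is for a legitimate business to post advertisements and host an online store with secure payment options, it is just as easy for scammers to use the same features.
Expert tip: Be wary of clicking on social media advertisements or providing payment information to unverified online shops.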
Malicious Websites
One of the common cornerstones of all the above-mentioned scams is a malicious website.
Some of these websites imitate authentic websites with the intent of tricking the target into providing financial and other private information. In other cases, these websites are designed to install malware that compromises connected devices, and they are typically reached when someone clicks on a phishing email, text or advertisement.
While there are typically red flags that would indicate that you are on a malicious website, such as typos, disproportionate logos or fake URLs, scammers are relying on the notion that you'll be too busy to think before you act this holiday shopping season. If there is a hot item that is sold out at large retailers or you clicked on an ad from another site, chances are you may overlook something you would have noticed under normal circumstances.
There are several free online tools that can help verify websites, including Google's Transparency Report tool.
Expert tip: Verify that you are on a secure website by looking for https:// and a padlock icon in the address bar.
Whether you are shopping on Black Friday, Small Business Saturday or Cyber Monday, or donating on Giving Tuesday, we hope our article helps you and your network do so more securely.
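CISA Holiday Cybersecurity Resources
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of expert practitioners offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection reviews, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.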