US Govt Asks Users to Be Wary of Holiday Scams and Malware

CISA-logo-1US consumers are encouraged by the Department of Homeland Security (DHS) to be wary of malicious campaigns and scams that usually start targeting during each year's holiday season.

"As this holiday season approaches, the Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online," CISA said.

"Cyber actors may send emails and ecards containing malicious links or attachments infected with malware or may send spoofed emails requesting support for fraudulent charities or causes."

The Europol, as well as government agencies from the United Kingdom [1,2] and Australia have all issued their own warnings about holiday-themed fraud at one point or another in the past, just as the FTC did and the DHS previously in 2017 and 2018.

The Holydays Are A Busy Season For Scammers Too

A first sign of what's coming was revealed by Emotet's operators who pushed out new spam templates inviting potential victims to a neighborhood party on Halloween. While those emails promised a treat, in reality, the Emotet campaign would trick its targets into installing a malicious payload.

Consumers have been constantly targeted by fraudsters who frequently take advantage of the holiday season to push themed scams via online advertisement, misleading sales calls, phishing emails, and text messages.

Did you know that KnowBe4 has a free 1-hour New-school security awareness training for consumers? It's for anyone who wants to protects their family at the house against scams like this. The password is "homecourse" without the quotes. 

Free Social Media Phishing Test

Would your users fall for a phishing email that looks like it originated from a credible social media site such as Facebook, LinkedIn or Twitter? Attackers use social media to target both your brand, your users, and even your customers by distributing malware or using social engineering to phish for credentials. These platforms have become a goldmine for the bad guys to carry out social media phishing attacks against your organization. Don't get hacked by social media phishing attacks!

SPT-monitorHere’s How the Social Media Phishing Test works:

  • Immediately start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered

Go Phishing Now!

Don't like to click on redirected buttons? Copy & paste this link into your browser:

Subscribe To Our Blog

Domain Spoof Test Contest

Get the latest about social engineering

Subscribe to CyberheistNews