As Christmas grows closer a new threat emerges. This one
uses several of the hacker’s favorite tools, a little social engineering, email
spoofing and Zero-day exploitation. Here’s how it works:
You receive an email from a spoofed email address posing as FedEx,
UPS, DHL, or USPS with a subject line of “Package Tracking Information”. The
social engineering part is the hackers know everyone is shopping online and
expecting packages to be delivered this time of the year. Usually in the body of the email there is a
link to click on to track your package. Clicking the link will certainly lead
you to an exploit kit that will try to infect your computer usually with a
never discovered vulnerability exploit (Zero-Day).
The Crypto Locker virus, the one that encrypts all your
personal files and holds them hostage for $300.00, was being delivered this way
last Christmas (2013). No telling what they have for us this year.
Here are some tips to avoid this from happening to you this
holiday season:
·
If you are going to click links in web based email,
use an iPhone, iPad, Mac or other non-Windows based device.
·
The online retailers will usually have a way to
track packages on their websites, use it!
·
Never
assume an email is from where it appears to be from. It’s just so easy to spoof
email addresses.
Stay Safe and happy Holidays!
No comments:
Post a Comment