As Christmas grows closer a new threat emerges. This one uses several of the hacker’s favorite tools, a little social engineering, email spoofing and Zero-day exploitation. Here’s how it works:
You receive an email from a spoofed email address posing as FedEx, UPS, DHL, or USPS with a subject line of “Package Tracking Information”. The social engineering part is the hackers know everyone is shopping online and expecting packages to be delivered this time of the year. Usually in the body of the email there is a link to click on to track your package. Clicking the link will certainly lead you to an exploit kit that will try to infect your computer usually with a never discovered vulnerability exploit (Zero-Day).
The Crypto Locker virus, the one that encrypts all your personal files and holds them hostage for $300.00, was being delivered this way last Christmas (2013). No telling what they have for us this year.
Here are some tips to avoid this from happening to you this holiday season:
· If you are going to click links in web based email, use an iPhone, iPad, Mac or other non-Windows based device.
· The online retailers will usually have a way to track packages on their websites, use it!
· Never assume an email is from where it appears to be from. It’s just so easy to spoof email addresses.
Stay Safe and happy Holidays!