US-CERT (United States Computer Emergency Readiness Team) reminds users to remain vigilant when browsing or shopping online this holiday season. Emails and ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver attachments infected with malware. Spoofed email messages and phony posts on social networking sites may request support for fraudulent causes.
To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, please take the following actions:
- Follow guidelines from US-CERT on Shopping Safely Online: https://www.us-cert.gov/ncas/tips/ST07-001
- Follow guidelines from US-CERT on Avoiding Social Engineering and Phishing Attacks: https://www.us-cert.gov/ncas/tips/ST04-014
- Read the Federal Trade Commission’s blog on Holiday Shopping Tips: https://www.consumer.ftc.gov/blog/2017/11/holiday-shopping-tips-ftc
If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:
- File a complaint with the FBI’s Internet Crime Complaint Center (IC3): https://www.ic3.gov/default.aspx
- Report the attack to the police and file a report with the Federal Trade Commission: https://www.ftccomplaintassistant.gov/#crnt&panel1-1
- Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
- Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites. See US-CERT recommendations on Choosing and Protecting Passwords for more information: https://www.us-cert.gov/ncas/tips/ST04-002