How many times have you been told you have a vulnerability that you just don’t understand its relevancy? Cross-Site scripting comes to mind for...
Beware of Holiday Scams
It is that time of year and we need to be ready for the fraudsters to be out in full effect. The holidays are approaching and it is a time for joy for most. Unfortunately, the Grinches are working just as hard as Santa to effect your holiday cheer. Here are few things to keep an eye out for this holiday season.
This was discussed on channel 4 news (http://www.news4jax.com) on 11/18/2014. The video of that interview can be found at http://youtu.be/O1tM6L4MJm0
Too Good to Be True Offers
We all want to get the best deal out there, however some offers are just too good to be true. Saving 50% on an item might be possible, but if the deal is getting better than that, watch out. It is recommended that you trust your gut on these deals. If you feel as though it isn’t legitimate then stay way from it. If you are curious or want to find out more information do some online searches to see if anyone else is listing it as a scam. In this day and age, you are not the only one being offered the deal and probably won’t be the first to fall for it.
When shopping for electronics, beware of open packages. With vulnerabilities like BadUSB, it is possible that the opened device has had malicious software added to it. Look for unopened packages just to be safe.
A lot of people will be traveling for the holidays. With the cost of flights and hotels being higher during these special times it makes sense to sniff out the good deals. We recommend that you use a trusted travel agent or the actual travel sites to book travel rather than some unknown company that just popped up in email. The last thing you need is to give up your personal information to then get to the airport and find out the tickets are not valid.
You are getting unsolicited emails all year round. During the rest of the year, they are pretty easy to distinguish and you can pick the scams. During the holidays, many of the subjects become more relevant and more enticing. Things like holiday e-cards are sent by friends, or are they? If you didn’t expect to get something, verify with the sender before opening it. If you are planning on sending e-cards, maybe let your friends know it will be on its way. Don’t ever click on links or open attachments in emails you don’t trust. Secure Ideas’ UserScout services help companies make their employees aware of phishing emails and how to respond to them. If you would like more information, please contact me at firstname.lastname@example.org.
Protect Your Mobile Device
We store everything on our mobile device. We have email, 2-factor authentication applications, our social media apps, banking, home security, etc, all on our phone. Use pass codes to protect the device from the amateurs that may steal your device. If your device has remote wipe capabilities, make it available in the event the device does go missing. When walking around, be conscious of where you device is and your surroundings to help protect it from getting stolen.
We have heard about a lot of breaches this year. While we can’t personally do anything about the retailer breaches, we can follow our own security plans to help protect us. Monitor your credit card statements regularly. Protect your devices. Trust your gut. If unsure, do research and if still unsure, don’t trust it.
James Jardine is a Principal Security Consultant at Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at email@example.com or visit the Secure Ideas – Professionally Evil site for services provided.