Advisory Overview
During the upcoming holiday season, SKOUT wants to ensure that our customers stay safe while traveling and are extra vigilant online. With holiday sale campaigns and donations to charities in full swing, the time is perfect for spam emails, malware campaigns, fake websites, and fake charities.
Technical detail and additional information
What is the threat?
The holiday season is a perfect opportunity for bad actors to set up fake but legitimate-looking shopping websites to steal the financial information and credentials of unsuspecting online shoppers. Callers can mask their numbers so that calls seem to originate from local areas, and then request donations to charities. These fake charities may also falsely claim that donations made to them are tax-deductible to get more people to donate. For those traveling, it is important to keep in mind that using public Wi-Fi networks could also expose your sensitive information.
Why is this noteworthy?
Since the websites and calls can be made to look legitimate, it is difficult to tell what is real and what is fake. This is compounded by the fact that there are many times more illegitimate domains than legitimate ones. If a website set up for shopping is not encrypted, not only will there be an immediate financial loss from purchasing something that you will not receive, but your credit card details will also be leaked and could be used later. Remediating the loss of financial information or a stolen identity can be a long and tedious process. Keeping your Wi-Fi and Bluetooth settings ON leaves your mobile devices susceptible to being hacked and your personal information to being stolen.
What is the exposure or risk?
SKOUT urges users to be cautious while browsing and shopping online. Pay extra attention to any unsolicited promotional emails that you receive, and do not click on anything that seems suspicious. Emails or texts that appear to come from Amazon, a credit card provider, or a bank are also high risk and require thorough review. Be wary of fraudulent social media pleas, calls, texts, websites, and door-to-door solicitations for donations to charities. When traveling, avoid using public Wi-Fi to check your financial information or to make online purchases that require entering your credit card number. Turn off Bluetooth when you are not using it, or make your device invisible to others if it must be ON.
If you believe that you have been affected by any of the means mentioned above, report the matter to the police, your banks and other financial institutions, and the Federal Trade Commission. Taking timely action will help contain the impact of any breach.
Refer to the links in the references below to learn more about how to stay safe and protect yourself against the threats mentioned above.
References:
To learn more about threats to look out for and safety measures to take, please refer to the following links:
- For safety measures while shopping online, please refer to this link: https://www.us-cert.gov/ncas/tips/ST07-001
- For preventing social engineering and phishing attacks, please refer to this link: https://www.us-cert.gov/ncas/tips/ST04-014
- To avoid scams while donating to charities, please refer to this link: https://www.consumer.ftc.gov/features/how-donate-wisely-and-avoid-charity-scams
- To avoid having your information exposed while traveling, please refer to this link: https://www.us-cert.gov/ncas/tips/ST11-001
For more information, please contact our Security Operations Center.