Phishing Threats to Watch for During the Holiday Season
As the holiday season approaches, cybercriminals are gearing up to exploit the surge in online shopping and festive communications. The ISO wants to prepare the campus community by providing some reminders. Here are some key phishing threats to be aware of and tips on how to protect yourself:
- Fake E-commerce Sites
Cybercriminals create counterfeit websites that mimic popular online retailers. These sites often offer deals that seem too good to be true to lure unsuspecting shoppers. Always verify the URL and look for secure connections (http://) before making any purchases.
- Phishing Emails and Texts
Phishing emails and texts often appear to come from reputable companies, urging you to click on a link or download an attachment. These messages may claim there is an issue with your order or offer exclusive holiday deals. Be cautious of unsolicited messages and avoid clicking on links or downloading attachments from unknown sources.
- Gift Card Scams
Scammers may send emails or texts claiming you have won a gift card or offering discounted gift cards. These messages often contain links to phishing sites designed to steal your personal information. Verify such offers directly with the retailer before taking any action.
- Charity Scams
During the holiday season, many people are in a giving mood, which scammers exploit by creating fake charity websites and sending phishing emails soliciting donations. Always research charities before donating and use trusted platforms to make contributions.
- Social Media Scams
Scammers use social media platforms to promote fake giveaways, contests, and deals. These posts often require you to share personal information or click on malicious links. Be wary of offers that seem too good to be true and verify the legitimacy of the account or page before engaging.
- Delivery Scams
During the holiday season, delivery scams become more prevalent as scammers take advantage of the increased volume of packages being shipped. To protect yourself from these scams, always check the sender’s email address or phone number. Do not click on links in unsolicited messages. Instead, go directly to the shipping company’s website to check your delivery status. Track your shipments using official apps or websites of the shipping companies.
Tips to Stay Safe
- Verify URLs: Always check the URL of the website you are visiting. Look for secure connections (http://) and be cautious of misspelled domain names.
- Use Multi-Factor Authentication (MFA): Carnegie Mellon utilizes DUO for MFA. Be sure to enable MFA on your accounts and devices both professional and personal to add an extra layer of security.
- Update Software: Keep your devices and software up to date to protect against the latest threats.
- Educate Yourself: Stay informed about common phishing tactics and how to recognize them.
- Report Suspicious Activity: If you receive a suspicious email or message, report it to the relevant authorities or the company being impersonated.
- Download CrowdStrike: If you have not yet downloaded CrowdStrike on your CMU device or have questions, please visit the Computing Services Endpoint Prevention, Detection, and Response (EPDR) page.
- Check Credit Card Statements: Credit card fraud tends to spike during the holidays. Regularly checking your statements can help you quickly spot and report any unauthorized transactions.
By staying vigilant and following these tips, you can enjoy a safer holiday season free from the threat of phishing scams. If you notice any suspicious activity on any of your workplace devices please report these immediately to the ISO at iso-ir@andrew.sanmingzhi.net or call us at 412-268-2044