This holiday season as you give and receive, make sure you stay aware of security best practices. This is not a time to let your guard down because this is when people are most vulnerable and attackers are aware of this.
Phishing “Gift cards”
If you receive a gift card from a “friend” via email (which could definitely be legitimate as many companies including Amazon have this type of delivery), don’t automatically click the link and assume it is true. Contact your friend (the sender) directly (not replying to the email, but using their personal email address you have on file or by calling them) to verify that this is from them and is legitimate. If for some reason the sender wanted to remain anonymous, do not click the links in the email.
Enter the URL to the company manually in a separate window. Then go to the gift card section of the page and enter in the code. You could also call the company (the number listed on their trusted website, not the number in the email), and verify the legitimacy of this gift card. Attackers use this in phishing attacks. They create fake gifts and fake links that look legitimate. They require you to enter in information to “redeem your gift,” then they use that information as pre-text for attacks, or they infect you as soon as you click the link. Don’t fall for this trap.
During this holiday season, many companies send out coupons, offers and freebies. Be cautious, however, because attackers know this and pose as companies offering fake rewards. These offers are enticing since they may seem to come from a store you frequent or are in the mailing list for.
Don’t fall for it. Again, check directly with the trusted company to ensure the said offer is from them.
Enjoy the holidays, but be a smart giver and receiver.