Online perpetrators are not taking holiday vacations this year

This holiday season, as gifts are purchased online and in stores across the world, unfortunately some see this as an opportunity to steal your online banking credentials. So while you shouldn’t be scared to buy Grandma that scarf she’s been wanting, you do need to be weary about a new spear phishing campaign.

The FBI Denver Cyber Squad released information on the new campaign that involves personal and business bank accounts, financial institutions, money mules and jewelry stores:

“The campaign involves a variant of the ‘Zeus’ malware called ‘Gameover.’ The spam campaign is pretending to be legitimate emails from the National Automated Clearing House Association (NACHA), advising the user there was problem with the ACH transaction at their bank and it was not processed. Once they click on the link they are infected with the Zeus or Gameover malware, which is able to key log as well as steal their online banking credentials, defeating several forms of two factor authentication.”

Okay, so how do you stay away from this trick and others like it?


Well, here are three simple tips to remember this holiday season to be sure you do not take the bait:

1. Be weary of emails from senders that you have never seen before. Even if the subject line is tempting with an urgent call to action, look at the source and be cautious of the sender.

2. Understand your bank’s policy on communication, and call your bank if a message seems urgent to confirm the email’s validity.

3. If you think you are sure the link is okay to use, still copy and paste it in a search engine to see if it is linked to a valid site. If someone has reported it as spam, it may appear at the top of the organic search, and you will know that it is a good possibility to be fraudulent.

For more information on this FBI investigation and campaign details click here.

The most effective way to keep your users safe is to provide annual Security Awareness Training to help them identify and avoid threats.  Check out our Security Awareness Training course to get started.