Beware of Holiday Season Phishing Scams and Malware Campaigns

US-CERT is receiving reports of an increased number of phishing scams and malicious software campaigns that take advantage of the winter holiday and holiday shopping season. We urge users to be on their guard, mindful of the potential that an email message could be part of a potential phishing scam or malware campaign.

Users are urged to be sensitive to:

• Electronic greeting cards that may contain malware
• Requests for charitable contributions that may be phishing scams and may originate from Illegitimate sources claiming to be charities
• Movie clips, screensavers or other forms of media that may contain malware
• Credit card applications that may be phishing scams or identity theft attempts
• Online shopping advertisements that may be phishing scams or identity theft attempts from bogus retailers

We strongly urge users to protect themselves during the holiday season:

• Don't follow unsolicited web links in email messages. Consider running Firefox with the No-Script Add-in.
• Use caution when opening email attachments; Is the email from someone you know? Was the email expected? When in doubt, Don't.
• Maintain up-to-date antivirus and anti-spyware software.
• Keep your systems patched. Be careful of the latest vulnerabilities. Follow our Weekly Vulnerability and Patch Report, published on our blog, Citadel on Security.