The Grinch Loves Email – Don’t Get Lured This Holiday Season

By ISBuzz Team
Writer, Information Security Buzz | Dec 08, 2014 05:05 pm PST

It’s that time of year again! No, not just for spending time with loved ones, putting up holiday decorations, or even digging out that ugly sweater to wear to your hipster friend’s party. It’s also time for EMAIL PHISHING CAMPAIGNS!!

That’s right. This is the time of year when most of us will be so busy with holiday planning, gift buying, blowing up air mattresses, etc. that we might forget to be diligent about how we access the web. Even the most savvy of users might not be paying attention when clicking a malicious link or opening a virus-laden file. Unfortunately, those who wish to steal our information are counting on just that.

Cyber criminals are getting sneakier and changing tactics away from malicious attachments to “watering hole” style attacks that lure victims to a trusted (but compromised) URL destination. So, that email you just received from your favourite online boutique promising 75% off may not be the deal it is cracked up to be.


They also prey on the proclivity of lowering your guard when dealing with something or someone familiar. The email might look to be from a reputable source like your bank, doctor’s office, or from someone you know. The message might even be related to your favourite hobby.

In the spirit of the holiday season, my gift to you is a set of measures you can take to help protect yourself against the myriad of looming threats out in the wild.

If in doubt, don’t open the email attachment – Go to the website from your browser and look for the promotion. While not perfect, going directly to a website is preferable to clicking on links in emails.

Pay attention – This may seem obvious, but your best defence is to pay attention when surfing the web. This includes knowing what sites you are accessing and what files you are opening.

Verify the contents of suspicious emails – If you get an email from your bank, doctor, house/auto lender, etc. that is asking you to supply personal information, take steps to verify the origin of the email. Contact the purported sender directly (don’t click on the ‘customer support’ link as it may redirect you to a malicious site) and see if they actually sent out that email. Doctor’s offices, banks, and other financial institutions are actually pretty good about not sending or soliciting information over email, so chances are someone is trying to take you for a ride.

Don’t click on untrusted URLs – Is there a link in the email that the sender wants you to click? Read the URL a couple of times and make sure you are going to “” and not “”. You can also hover over the link, or right-click and copy/paste the URL into a text file, to make sure that the “link” isn’t just a text label disguised as the URL. If the link uses a URL shortening service, such as bitly, use extra caution.
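The hover check described above can also be automated for an HTML email body. The following is an added example, not part of the original article: it flags links whose visible label names one host while the href points to another, and links that go through a shortener. The sample message, the example.com/example.net hosts and the shortener list are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed, non-exhaustive shortener hosts (the article names only bitly).
SHORTENERS = {"bit.ly", "bitly.com"}
# Constructed sample email body, for illustration only.
SAMPLE = (
    '<p>75% off: <a href="http://deals.example.net/login">www.shop.example.com</a></p>'
    '<p><a href="https://www.shop.example.com/orders">www.shop.example.com/orders</a></p>'
    '<p><a href="https://bit.ly/EXAMPLE">Track your parcel</a></p>'
)

def host_of(text):
    """Return the lowercase hostname if text looks like a URL or bare domain, else None."""
    text = text.strip()
    if " " in text or "." not in text:
        return None  # ordinary words such as "Click here" are not a URL claim
    try:
        host = urlsplit(text if "://" in text else "http://" + text).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None

class LinkAuditor(HTMLParser):
    """Collects (finding, visible label, real href) tuples for each <a> element."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._label = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:  # only text inside an open <a> is the label
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        label = "".join(self._label).strip()
        dest, shown = host_of(self._href), host_of(label)
        if shown and dest and shown != dest:  # label claims a different host
            self.findings.append(("label-mismatch", label, self._href))
        if dest in SHORTENERS:  # real destination is hidden behind a redirect
            self.findings.append(("shortener", label, self._href))
        self._href = None

def audit_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings
```

A matching label only shows the link is not mislabeled; it says nothing about whether the destination itself is trustworthy.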

Be careful when opening attachments – While today’s malware and anti-virus scanners can usually catch the majority of malicious executables, it’s really easy to alter the makeup of an existing file to the point where it can evade detection. Over the busy shopping period, you will probably get an array of “delivery” or “shipping” notices as normal. One technique attackers use is to disguise malicious attachments as these notices. Most online retailers will send these notices in the body of the email, so think carefully before opening an attachment.

Really, though, the “dangerous attachment” threat isn’t as prevalent these days. More often than not, malicious software is hosted on remote servers and victims are tricked into downloading and executing them via the nefarious methods described above.

Keep a close guard on your information – Cybercriminals are well aware that this is the time of year when people make more online transactions than usual. Try to be extra careful when sending financial and/or personal information, even to sources you think are reputable. While you may think you are saving time having a website save your details or registering with a website, make sure you think about how many new ways you are opening yourself up to having those details stolen should those sources become compromised by attackers.

Not taking these steps to protect yourself could turn a morning of building your sweet new Lego Millennium Falcon into months of picking up the pieces of your now-stolen identity.

By Garrett Gross, Senior Technical Manager, AlienVault

About AlienVault

AlienVault is the leading provider of Unified Security Management and crowd-sourced threat intelligence. Its products are designed and priced to ensure that mid-market organizations can effectively defend themselves against today’s advanced threats. By building the best open source security tools into one Unified Security Management platform, and then powering the platform with up-to-the-minute threat intelligence from AlienVault Labs and its Open Threat Exchange—the world’s largest crowd-sourced collaborative threat exchange—AlienVault provides its customers with a unified, simple and affordable solution for threat detection and compliance management.

While the perfect threat deflector shield has yet to be invented, AlienVault is able to provide its customers with an out-of-this-world threat detection product that ensures even the smallest ‘planets’ in the galaxy can fend off attackers.