Trend Micro - Seasons Warning

8/3/2019 Trend Micro - Seasons Warning

1/14


2/14


3/14

The holidays mark the perect time to celebrate, give gits, and

take that much-deserved break rom normal lie.Unortunately, these also give cybercriminals that once-a-year

chance to take advantage o and to victimize users, especially onlineshoppers like you.

Holiday-related online threats are, however, no longer new. Tese can even already beconsidered a cybercrime staple. Each year, as you troop to online shops in search o thebiggest bargains, so do cybercriminals await with their ingeniously crated traps.

As time goes by, the online holiday spending can only grow. Case in point, the holiday onlinespending last year reached almost US$30 billion. Tis year, comScore expects the spendingrom November to December alone to reach around US$32 billion. With that, we can onlyexpect Web threats to be bigger and grander in scale, too. Ater all, cybercriminals will nevercease to come up with ways to make money out o your misery.

Some o the riskiest activities you can engage in during the holidayswindow shopping,making actual online purchases, and tracking purchased itemscan render you vulnerableto attacks related to blackhat SEO, spamming, phishing, and inormation thet throughmalware inection.

While searching or the best buys online, you should be wary o threats. o staysae rom cybercrime ploys, keep the ollowing best practices in mind.

1
http://blog.trendmicro.com/?s=christmas&image.x=0&image.y=0&image=Searchhttp://techcrunch.com/2010/01/06/shopping-spree-total-online-holiday-spending-nears-30-billion/http://techcrunch.com/2010/11/23/online-holiday-spending-to-reach-32b-e-commerce-sales-already-up-13-percent/http://techcrunch.com/2010/11/23/online-holiday-spending-to-reach-32b-e-commerce-sales-already-up-13-percent/http://techcrunch.com/2010/01/06/shopping-spree-total-online-holiday-spending-nears-30-billion/http://blog.trendmicro.com/?s=christmas&image.x=0&image.y=0&image=Search


4/14

o steer clear o the dangers spam pose, you must rst learn how to spotunwanted email messages. Spam are unsolicited email messages sent in bulk.What do these look like? Here are some telltale signs that can help you separatespam rom legitimate email messages:

People you know will always put your email address in the To: eld so dont evenattempt to open email messages that do not have your email address in this eld.ake a look at the email messages From: eld, too. I you dont recognize the sendersemail address then the message is most likely spam. Note, however, that the content

o the From: eld can be easily spooed. In act, spammers oten make the emailaddresses they use look like legitimate companies. Only when you reply do you nd out

what you thought isnt so.

I its too good to be true, it must be. No one in his right mind will give youmoney or nothing. So every time you get an email message that oersmoney in exchange or just a click or a download, delete it immediately. Tesame is true or email messages telling you that you can earn a PhD in twoyears or get prescription drugs at very cheap prices. In act, the use o words

like ree, limited oer, click here, act now, risk ree, lose weight, earnmoney, or get rich is a typical and popular technique.

Most spam contain so-called salad words. Tese reer to a mixture o random wordsthat while arranged in phrases that appear to give them meaning actually carry no

signicance. Tis is also a well-known tactic that spammers use to conuse even the

smartest o spam lters.

Apart rom using salad words, spammers also use invisible ink. Tis technique allowsthem to hide words and/or phrases rom the naked eye using white ont. o check i

what you really see is what you get, press CTRL + A to highlight all o the emailmessages content to reveal everything on it, even what the sender is hiding rom

your prying eyes.

Spam most often

1

23

42


5/14

Spammers are not known or their spelling nor grammaticalprowess. In act, they most oten misspell words and commit glaringgrammatical errors, most likely because o the use o salad words in

an attempt to trick the cleverest o spam lters that your antivirusproduct may be using.

Email messages that contain images in the body or have image leattachments are also most likely to be spam. Te use o images isalso a popular spamming technique that helps malicious usersevade spam-ltering techniques.

A clever trick to determine the legitimacy o

URLs embedded in email messages is to hoveryour mouse on them. While doing so, check thelower-let part o your browser window and check i

the text that appears is the same as that in the givenURL. Note, however, that this is not oolproo since

spammers sometimes make use o third-party

mailing services to urther their maliciousschemes.

I you just cant resist or i youmake the mistake o opening spam,

at least avoid downloading the le

attachments these come with orclicking the links embedded in them. Oers thatare too good to be true usually are.

ead to scams

56

7

3


6/14

Apart rom spam, you should also keep a keen eye out or phishingpages or sites. Cybercriminals are sure to riddlethe Web with spooed pages or sites in hopesthat you will make the mistake o keying inyour precious credit card inormation. Tereare, however, several ways by which you canoutsmart phishers. How? Familiarize yoursel

with typical phishing pages and sites to stay sae. Here are somenity tips and tricks to do so:

Some elds on the page may not be the same as those on the real site but you haveto be amiliar with the latter to distinguish what is real rom what isnt. As with spam,

misspellings and glaring grammatical errors are a surere way to tell i a page or site is

real or not. Keep in mind that, as proessionals, banks and legitimate e-commercecompanies will not commit such mistakes.

Phishing email messages oten try to scare you into keying in your user name andpassword ater clicking an embedded link to a ake login page. A legitimate emailmessage will never orce you to provide these pieces o inormation.

A ake sites Web domain and URL, as seen in the address bar, is not thesame as those o the legitimate site. A legitimate banking sites login page URL

usually begins with httpsand not with http. Note, however, that even phishing sitesand /or pages can spoo the legitimate protocolhttpsthat marks legitimate sites.

o make sure this isnt the case, also consider the next steps to ensure your saety.

4

Phishers will alwa

sh fo

123


7/14

Another telltale sign o a legitimate site or page is the presence o a padlock on thelower-right side (this may dier among browsers) o your browser. Te absence o

this lock is a sure indication o a sites illegitimacy. Note, however, that somephishing sites or pages can also sport this icon. Looking more closely may letyou spot misspellings and other typographical errors that indicate raud.

All legitimate sites are digitally signed by their owners. o determine a site or pagesvalidity, check its digital signature. An invalid or sel-signed digital certicate is a

telltale sign o a site or a pages illegitimacy.

I you happen to land on a dubious-looking site or page,dont panic. Its not too late, you can still stay sae. All youneed to do is to close your browser.

4

5

s

r information

5


8/14

Nothing in life is frthings to be?

12

36

If its too good to be true, it most likely is

Youve probably heard o the old adage Nothing in lie is ree. Tis isespecially true when surng the Web. In act, the word ree is probablycybercriminals avorite word to lure in potential victims. Ater all, who canreuse getting something or nothing? o avoid alling prey to the oldestblackhat SEO tricks in the book, keep these tips in mind:

I you have a airly good idea what online e-commerce site you want to visit to doyour shopping, directly type in its URL in the browsers address bar to avoid

stumbling upon bad links in search engines.

Do not click suspicious-looking URLs even i these appear as top search engineresults. Consider a link suspicious i any or some o its components (://

//?) is made up o random characters.

Read the overview o the search result (the set o text that appears rightater the title page in boldace). Te search result can also be considered suspicious i

the overview does not provide a sensible brie description o the site. A sure sign oblackhat-SEO-related sites is the presence o randomly stued keywords in

the overview.

Keep in mind that the best things in lie are hardly ever ree. In act, sites thatadvertise ree stu usually just lead to trouble. So during the most estive oseasons the world over, dont orget to be careul. Ater all, tis the season to bemerry and hopeully not sorry.


9/14

Youre not the only one who likes free stuff

Like ree stu on the Web, ree Wi-Fi access can also put your system and dataat great risk. When conducting online transactions, make sure the access pointyou are using is properly secured. Tink twice beore putting your data out

there or virtually any malicious user to abuse. Te next time you get the urgeto take advantage o so-called reebies, remind yoursel that:

When setting up your own wireless network, use a strong password. Te weakest pointo security is typically the login. When logging in to a site, a server checks to see i amatching account exists. I so, it replies with a cookie. I hackers get a hold o yourcookies, they can do anything that you can on certain sites. Anyone on the same open

wireless network can also read the Web trafc that travels between connected devicesand the access point.

Do not automatically connect to open wireless networks.Picking up any open signal by deault may be convenientbut can also leave your device vulnerable to security risks.

Stay away rom Wi-Fi hot spots altogether i at all possible.Enable your system rewall and make use o VPN technology.Tis prevents any malicious user on the same network romcollecting your credentials.

Conguring systems and Wi-Fi-enabled devices to staysecure is your best bet. Regularly patching your devicesantivirus and security sotware puts them on saerground against bugs that hackers may leave just about

anywhere behind.

Wireless networks are wide open so you should avoiddoing anything while connected to one that you wouldntwant to be seen doing.

ee,so why expect

12 34

7

t


10/14

Sometimes, using the best solutions on your devices still doesnt guaranteeonline saety. In the end, what you do on the Web will spell how secure youand your system as well as data stay. o ensure that you are always protected, itwould serve you very well to:

Make it a habit to keep online transaction records to avoid becoming victims oraud.

Check your credit card billing statements to see i any o the transactions isunauthorized. Immediately report discrepancies.

Ask your bank i it has a tool that can inorm you whenever you

use your credit card. Enroll in such a service so you can immediately checkor instances o misuse or raud.

Know the sellers by checking their track records out. It is alwayssaer to buy rom popular stores with good reputations. Otentimes,

more than nding the greatest bargains, it is still way better to

pay more or better security.

And when you nd what you are looking or or get yourChristmas wish, dont think your battle with malware isover. Some gadgets or electronic devices, unortunately,

come preinstalled with malware. o keep your system sae,scan all devices, especially removable drives, beore accessing

their content. As an added precaution, make sureAutoRun isdisabled when plugging in newly acquired gadgets to your system.

124

5

Dontforge

t

tob

emerry...

8

3


11/14

Dont throw caution to the wind when surng the Web, especially when shoppingonline. ry out our products, which are powered by the rend Micro Smart

Protection Network to stop threats beore they even reach you. I you havent

decided what security product ts your needs, you may want to try out our toolsor ree like:

Email ID,which helps you identiy legitimate email messages in your inbox.

Web Protection Add-On,which proactively protects your computer against Web threatsand bot inltration that can work alongside your existing desktop protection.

HouseCall,which quickly identies and xes a wide range o threats, including viruses,worms, rojans, and spyware.

6

9

...Juststay

safe

soyouwontbe

sorryCybercriminals will nevertire o springing traps onunsuspecting potential victims. Tey

will never tire o sending out spam in hopes thatyou will download their malicious attachments or click

links to their malware-ridden sites. Tey will never cease to phishor all kinds o personal inormation nor will they stop poisoning searchresults, all or the purpose o proting o your pain.

Tis is the reason why you should always be on your guard when goinganywhere on the worldwide Web. You never know what traps lie in wait or

you. Otentimes, a careless click may cause you dearly.
http://us.trendmicro.com/us/trendwatch/core-technologies/smart-protection-network/http://us.trendmicro.com/us/trendwatch/core-technologies/smart-protection-network/http://free.antivirus.com/email-id/http://free.antivirus.com/web-protection-add-on/http://housecall.trendmicro.com/http://housecall.trendmicro.com/http://free.antivirus.com/web-protection-add-on/http://free.antivirus.com/email-id/http://us.trendmicro.com/us/trendwatch/core-technologies/smart-protection-network/http://us.trendmicro.com/us/trendwatch/core-technologies/smart-protection-network/


12/14

10

What you kn wwill protect youStay inormed! Read up on the latest online threats and howto ght them by checking these out:

Threat Encyclopedia

http://about-threats.trendmicro.com/RelatedTreats.aspx?language=us&name=Beware+o+Holiday-themed+Multi-component+Online+Treats

TrendLabs Malware Blog

http://blog.trendmicro.com/zero-day-bypasses-windows-uac/

http://blog.trendmicro.com/with-holiday-wishes-come-poisoned-searches/

http://blog.trendmicro.com/voucher-scam-spreading-via-tweets/

TrendWatch

http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/71__tis_the_season_to_be_wary__112410_.pd

http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/49_

don___t_let_web_threats_spoil_the_ho-ho-holidays__december_28__2009_.pd
http://about-threats.trendmicro.com/RelatedThreats.aspx?language=us&name=Beware+of+Holiday-themed+Multi-component+Online+Threatshttp://about-threats.trendmicro.com/RelatedThreats.aspx?language=us&name=Beware+of+Holiday-themed+Multi-component+Online+Threatshttp://blog.trendmicro.com/zero-day-bypasses-windows-uac/http://blog.trendmicro.com/with-holiday-wishes-come-poisoned-searches/http://blog.trendmicro.com/voucher-scam-spreading-via-tweets/http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/71__tis_the_season_to_be_wary__112410_.pdfhttp://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/71__tis_the_season_to_be_wary__112410_.pdfhttp://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/49_don___t_let_web_threats_spoil_the_ho-ho-holidays__december_28__2009_.pdfhttp://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/49_don___t_let_web_threats_spoil_the_ho-ho-holidays__december_28__2009_.pdfhttp://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/49_don___t_let_web_threats_spoil_the_ho-ho-holidays__december_28__2009_.pdfhttp://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/49_don___t_let_web_threats_spoil_the_ho-ho-holidays__december_28__2009_.pdfhttp://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/71__tis_the_season_to_be_wary__112410_.pdfhttp://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/71__tis_the_season_to_be_wary__112410_.pdfhttp://blog.trendmicro.com/voucher-scam-spreading-via-tweets/http://blog.trendmicro.com/with-holiday-wishes-come-poisoned-searches/http://blog.trendmicro.com/zero-day-bypasses-windows-uac/http://about-threats.trendmicro.com/RelatedThreats.aspx?language=us&name=Beware+of+Holiday-themed+Multi-component+Online+Threatshttp://about-threats.trendmicro.com/RelatedThreats.aspx?language=us&name=Beware+of+Holiday-themed+Multi-component+Online+Threats


13/14

11

Tofindany

thingyou

needto

knowaboutm

alwareand

allother

onlinethreats,chec

koutourn

ew

ThreatEnc

yclopedia.

ThreatEnc

yclopedia

Forthreatnewsandinformationdirectfromtheexperts,visittheTrendLabsMalwareBlog.

TrendLabsMalwareBlog

Forthelatesttrendsinthecur

rent

threatlandscape,seetheResearch

&Analysissectionof

TrendWatch.TrendWatch
http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://about-threats.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://blog.trendmicro.com/http://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://us.trendmicro.com/us/trendwatch/research-and-analysis/index.htmlhttp://blog.trendmicro.com/http://about-threats.trendmicro.com/


14/14

TREND MICRO

Trend Micro Incorporated is a pioneer in secure contentand threat management. Founded in 1988, Trend Micro

provides individuals and organizations of all sizes with

award-winning security software, hardware and services.

With headquarters in Tokyo and operations in more than

30 countries, Trend Micro solutions are sold through

corporate and value-added resellers and service providers

worldwide. For additional information and evaluation

copies of Trend Micro products and services, visit our Web

site at www.trendmicro.com.

2010 by Trend Micro, Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo are trademarks

or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or

registered trademarks of their owners.

TREND MICRO INC.

10101 N. De Anza Blvd.Cupertino, CA 95014

US toll free: 1 +800.228.5651

Phone: 1 +408.257.1500

Fax: 1 +408.257.2003

www.trendmicro.com
http://www.trendmicro.com/http://www.trendmicro.com/http://www.trendmicro.com/http://www.trendmicro.com/

Trend Micro - Seasons Warning

Documents

Transcript of Trend Micro - Seasons Warning