Beyoncé's career in 📷 Solar eclipse guide 😎 Previous US disasters Play to win 🏀
TECH

Do's and don'ts to dodge cybergrinches

Byron Acohido
USA TODAY
The Grinch, in a scene from How The Grinch Stole Christmas

One you're done with turkey and pumpkin pie, prepare yourself for an onslaught of tainted Web links and viral attachments, deployed by cybergrinches to take over control of your computing device.

These malicious digital gifts will come at you in e-mail, social media postings and search results -- decorated like greeting cards, coupons, shipping documents and other innocuous bits of info. Brett Stone-Gross, researcher at Dell SecureWorks, supplied CyberTruth with these dozen tips for making it harder for the bad guys to spoil your holiday good cheer.

  • Be wary of holiday gift cards, holiday coupon offers, holiday cards, photos, etc., sent via e-mail. These often have malicious links within the offer which lead to downloads of info-stealing Trojans or the hackers try to scam you out of your bank account information.

  • Type the actual Web address of the retailer you want to visit into your browser. Do not follow links provided by e-mail offers or pop up ads. Many times these are fraudulent sites made to look like the legitimate retail sites.

  • Avoid using debit cards to do online purchases when possible so as to limit your personal exposure to any possible fraudulent transactions. Use a credit card that limits your fraud liability

  • Always look at your Web browser for the https (as opposed to http) protocol that proceeds a Web address. The "s" let's you know that the website is providing a layer of security for transmitting your personal information over the Internet.

  • Be wary of unsolicited e-mails, even from senders that you know, that include links or attachments. Before clicking on links or attachments, try to verify the authenticity with the sender.

This is a faked shipping document carrying a link the turns control over to the Cutwail botnet.

  • Be especially cautious of clicking on links posted on social networks and micro-blogging sites. Shortened URLs make it easier to share, tweet or email links, but they also create a security threat, as it easy to disguise the destination of the malicious links.

  • Ensure that your browser, browser plug-ins, anti-virus, and other software are patched and up-to-date. Patch management is key. It is critical that as soon as the patches become available that you install updates for your applications and for your computer's operating system.

  • Use a dedicated computer for any online banking and bill paying. That computer or virtualized desktop should not be used to send and receive e-mails or surf the Web, because web exploits and malicious e-mail are two of the key malware infection vectors.

  • Reconcile your banking statements on a regular basis with online banking and/or credit card activity to identify potential anomalous transactions that may indicate account takeover.

  • Be cautious about installing software (especially software that is too good to be true – e.g., download accelerators, spyware removal tools), and be wary of pop-ups from websites asking users to download/execute/or run otherwise privileged operations. Often, the "free software" and pop-ups have malware embedded.

  • Be wary of e-mails notifying you that your banking certificate or token is out of date and to download a new certificate or token. Before taking any action, verify with your financial institution by calling them on a number that is not provided in the email.

  • Avoid using weak or default passwords.

Featured Weekly Ad