Phish on Christmas menu

Christmas is coming and phishers are expected to take increased advantage of the holiday season this year to con their way to the bank and credit accounts of computer users worldwide, an IT security vendor has warned.

Peter Croft, managing director at Clearswift Asia-Pacific, said spammers – a growing number of whom are using spam as a tool in criminal activities – were expected to hit Christmas shoppers particularly hard this November, December and January.

“There were similar things last Christmas, but I don't think the technology for phishing was as sophisticated as it is now or as widespread,” he said.

Croft said computer users should beware of emails sent by an unknown sender, regardless of what was written in the message's subject line.

Many people were inclined to let their guard down over Christmas, and many more people would be doing a lot of shopping online, he pointed out.

Lots of people sent Christmas cards by email and many people regularly received Christmas cards from people they barely remembered, he said.

A phishing attack disguised as a Christmas card provided an ideal cover for a criminal trying to get personal details from computer users, Croft noted.

“If people get Christmas cards and they don't remember the name and click on the link to see if they remember the person -- bingo, you're caught,” he said.

He said users no longer necessarily had to enter details into a fake website to be vulnerable to such a scam. Phishing had advanced to the point where all a user had to do to expose himself or herself to the attack was open the email or view it in a preview pane, Croft said.

Preview panes should be turned off, he said, and users should keep records of all their online transactions, such as invoice and receipt numbers.

While there were products and services designed to protect users against spam, people would still need to modify their online behaviour if they were to avoid becoming phishing victims, Croft said.

“If you don't recognise the name, it's good practice to be suspicious,” he said.

Users should also keep all their online security applications up to date as much as possible. Too many people only updated once in a while, but it took time for security companies to find and post an online fix for a virus, Trojan or worm, Croft said.

Computer users shouldn't fear that if they don't answer a genuine-seeming email, that they'll miss out on something of benefit, such as a special offer.

“If people really want to find you for a genuine reason, they will,” Croft said. “I got one this morning that referred to 'payment number 06500' or something like that. You click on that and straightaway you've let something on your computer that could send out your personal details.”

Users who believed they had been the victim of a phishing attack should contact the Australian Internet Industry Association (AIIA) or the police.