Holiday season hacking: Beware of malware and phishing in order confirmation emails.

The Holiday Season Is a Great Time to Watch Out for Phishing Attacks

Moneybox
A blog about business and economics.
Dec. 3 2014 5:38 PM

Watch Your Inbox: Phishing Attacks Spike Because of Online Holiday Shopping

'Tis the season to be ... hacked?

Photo by Lara via Flickr

Ordering gifts online for family and friends this holiday season? Inbox inundated with confirmation emails? You could be the perfect target for holiday hackers.

Brian Krebs at Krebs on Security is warning consumers to be on high alert this month for malicious links and attachments in emails purporting to "confirm" online orders. "Malware purveyors and spammers are blasting these missives by the millions each day in a bid to trick people into giving up control over their computers and identities," Krebs writes. His post shows a series of somewhat convincing malware emails that appear to come from Home Depot, Walmart, Target, and Costco.

Holiday hacking is a perennial problem for both customers and retailers. As transaction volume rises, retailers will often lower their fraud controls so that the sales can continue apace. This creates a window for hackers to strike and get away undetected. Krebs notes that the particular breed of "order confirmation" spam emails tends to start around Thanksgiving and run through the end of the winter holidays. The phishing attacks use "both booby-trapped links and attached files" to put malware on computers that can then pull passwords and other important information from the machines.

Huge security breaches have already hit JPMorgan Chase and Home Depot this year. Last winter, Target suffered an attack that compromised the credit and debit cards of 40 million people and the personal information of 70 million. From January through the end of November, a record 696 data breaches were reported and nearly 81.5 million records exposed, according to data from the Identity Theft Resource Center. The previous record for most breaches in a year was 662 breaches in 2010.

So go ahead and shop online for the holidays. But when the order confirmations start to pile up, be very, very careful about what you end up clicking.

Alison Griswold is a Slate staff writer covering business and economics.