Hackey Phishmas!

Tom Roberts 16 Dec 2013

Twas the night before Xmas, and over the net,
Not a hacker was still, they were making a bet,
Their websites were crafted, and put up with care,
The phishing emails were sent, ready to scare.

The victims were waiting, to find a great deal,
Their creds they were giving, ready to steal,
Mamma with her card, and dad with his ‘zon,
Hoping not to get scammed, their money all gone.

When out came a deal, too good to be true,
And anyone who used it, would find themselves blue,
For this wasn’t legit, the site was there with some Flash,
And many would be found, they were parted with cash.

So I raise this, a warning I know,
Be careful where you shop, you just never know,
Some sites may look like they have a great deal,
But not all are legit, and some designed to steal.

So this Xmas I warn you, take extra care,
Don’t fall for the phish, don’t fall for a scare,
Double check your websites, with deftness and skill,
Or you’ll wind up taking, the bitterest pill.

I’ve penned this little bit of seasonal poetry to raise an important point with everyone. This is the season when people look for deals and jump at “last minute” offers. Some will be valid and you will be a happy consumer, but hackers are just as aware as everyone else that those who don’t “look before they leap” may inadvertently use a site which appears valid but is just there to steal your usernames and passwords for mainline sites. Once they obtain them they will fund their very own “festive season”; alas, it will be with your cash.

Some basic tips to keep you safe:

    1. Read any emails that come in. If the deal looks good, go to the URL directly (by typing it in or using Google to search for it) or use your own bookmarks to visit it. The site (if reputable) will list these deals on their normal portal.
    2. Don’t click on the links in emails. This is a hard one, I know, but if you are in ANY doubt go back to step 1.
    3. Check the site for validity. Check for:
        a. Valid company name in the URL. Double check it.
        b. Use sites that are secure: the address starts with HTTPS:// and the browser shows no certificate warnings.
        c. Be very wary of any URL sent in an email that has lots of strange-looking characters after the main company ID (or even something that looks familiar but isn’t quite right)… such as
    4. Be careful of pop-ups that appear when you don’t expect them, especially those asking you to validate your username/password.
    5. Make sure your browser and operating systems are patched and up to date.
    6. Heed any warnings given to you by anti-virus products or warnings that appear from your browser.
    7. Use reputable sites that you trust and have used before.

I could list a lot of technical advice but just take this one last word of warning. Hackers and phishers see this as just as much of a busy season as everyone else does. We are all concentrating on other things and that small lapse in concentration could mean the difference between getting what you order and getting scammed.