DHS Offers Cyber Strategies for the Holidays

Although most of us believe that we are at least somewhat cyber savvy when it comes to protecting our personal information, rushing through the holiday season may make us just a little careless with our electronic transactions.  The Department of Homeland Security offers the following suggestions and recommendations that should serve as a reminder to us all…

Preventative Strategies:  The following preventative strategies are intended to help our public and private partners proactively look for emails attempting to deceive users into ‘clicking the link’ to seemingly real websites or opening attachments regarding holiday season ‘deals’. The following represents some best practices to follow but is not an exhaustive list:

  • Never click on links in emails.  If you do think the email is legitimate, whether from a third party retailer or primary retailer, go to the site and log on directly.  Whatever notification or service offering was referenced in the email, if valid, will be available via regular log on.
  • Never open the attachments.  Typically, retailers will not send emails with attachments.  If there is any doubt, contact the retailer directly and ask whether the email with the attachment was sent from them.
  • Do not give out personal information over the phone or in an email unless completely sure.  Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors.  If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them to provide you their name and a call-back number.  Just because they may have some of your information does not mean they are legitimate!  Again, be careful when providing any information over the phone. For further information regarding holiday scams, visit: http://www.us-cert.gov/current/index.html#holiday_season_phishing_scams_and

Points of Contact:  While the U.S. Government does not endorse a particular solution, identifying vendors with experience managing cyber incidents may reduce the time it takes to mitigate damage and restore service or operations if compromised. Any cyber intrusion, including data breaches involving a monetary loss or financial nexus, can be reported to any of the FBI’s 56 Field Offices.  For FBI field office contact information, please consult your local telephone directory or see the FBI’s contact information web page:  http://www.fbi.gov/contactus.htm

US-CERT (www.us-cert.gov) offers a wide variety of technical and non-technical information to make use of both before and after an incident. A variety of documents with information regarding defensive measures to combat a computer network attack are available at:  http://www.us-cert.gov/nav/t01/