As the holiday season draws near, an increasing number of people will be doing their shopping in cyber space with their gifts arriving through the mail delivery services. The MS-ISAC reminds users to be alert and is providing the following information to help you stay safe.

Phishing emails, intended to trick individuals by luring them to websites where they enter credit card and other confidential information, continue to be lucrative for cyber criminals around the world. According to the company RSA, for the first half of 2012, estimated worldwide losses from phishing attacks alone amounted to more than $687 million. Attack numbers averaged 32,581 per month - a 19 percent jump compared to the second half of 2011. (Source: http://blogs.rsa.com/rsafarl/phishing-in-season-a-look-at-online-fraud-in-2012/)

Phishing attacks also solicit personal information by posing as trustworthy organizations in specially crafted emails or websites. They tend to proliferate after major events that lead to increased charitable contributions (e.g., hurricanes, floods), and cyclical events (like presidential elections, holidays or tax day).

The United States Postal Service (USPS) is warning consumers to be cautious "of fake emails seemingly coming from the [USPS], telling you that they have failed to deliver one of your packages on time." (http://www.net-security.org/malware_news.php?id=2310)

Additionally, during the holidays, consumers should be on the alert for phishing emails reportedly coming not only from the USPS but also from UPS, FedEx and other delivery services. The phishing emails may:

• notify the homeowner of a package delivery or online postage charge
• direct the consumer to click on a link or open an attachment
• create a strong sense of urgency by, for example, claiming the homeowner will incur a daily charge or fee for every day the package is held and not delivered

To avoid becoming a victim, the MS-ISAC recommends that you:

• Do not respond directly to any unsolicited (spam) incoming e-mails, and do not click on links contained within those messages.
• Never reveal personal or financial information in email.
• Never respond to email solicitations for personal or financial information.
• Never send sensitive information over the Internet before checking a website's security and confirming the legitimacy of the website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).

For More Information:

USPS -- Beware of Spam: Bogus E-Mails Sent to Postal Customers:
https://postalinspectors.uspis.gov/radDocs/consumer/SpamAlert.pdf

UPS -- Learn to Recognize Fraud:
http://www.ups.com/content/us/en/resources/ship/fraud_ups_recognize.html

FedEx -- Defending Against Fraud:
http://www.fedex.com/us/security/prevent-fraud/index.html