While everyone is busy shopping for the holidays, cybersecurity company Kaspersky also warns that cybercriminals are especially fond of the Christmas season when financial transactions are prevalent. In the Philippines, online shopping and being active on social media are historically highest every December. Filipinos enjoy the longest holiday vacations during this month, compared to its neighbours in Southeast Asia.  

As soon as the fourth quarter kicked in, Kaspersky discovered and blocked the top three malicious programs detected to have attempted to infect its users in the country, which are:

  1. Trojan.downloader.Win32.upatre.vma (10,169 attempts), which downloads mostly banking Trojans to steal payment credentials
  2. Trojan.script.agent.bg (4,186 attempts) that downloads and runs other malware, often encrypting user’s data
  3. Trojan.clicker.html.iframe.dg (2,808 attempts) which opens web pages in a browser without the user’s permission, to drive visits to a site to increase its hits

Kaspersky is particularly advising Filipinos to be mindful of banking Trojans which usually target users of online financial services and online shoppers in general. These Trojans use online store brands to hunt for credentials like login, password, card number, phone number, etc. It can intercept input data on target sites, change the online page content and/or redirect visitors to phishing pages. 

“With the long break which we can spend with our family and friends to travel and relax, this holiday season is undoubtedly the most wonderful time of the year. Let us keep it that way by keeping our guards up as we enjoy this season,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

“It is the time where shopping online increases and posting on social media is on the rise. It’s also worth noting that a lot of employees may be travelling with their corporate laptops and mobile phones, working remotely to avoid work emails from piling up. These mean additional opportunities for cybercriminals to wage their own holiday campaigns. We encourage everyone to practice basic good online habits throughout this break to keep these crooks out of their way,” adds Siang Tiong.

Here are some tips on how to stay safe online:

  • Wrap your passwords in layers of complexity. Combine letters, numbers and characters to make your passwords a little harder to crack. This is also a good time to change your passwords if you have been using the same one for a long time. 
  • If you’re shopping, scope out sites before buying. Check out reviews of online stores to decide if they’re legitimate and safe before you put in your personal information.
  • Check your purchased list twice. Make sure your email confirmation is legitimate as cybercriminals send out phishing emails for a quick click.
  • Before travelling or working remotely, jot down important details of your devices and service providers. Take note of the IMEI* of your device and ensure that you have the contact details of your service provider based on your destination. 
  • Protect your devices. Just as with your passport, camera or wallet, don’t leave your gadgets  unattended. As a traveller, installing anti-theft software on your mobile devices should be at the top of your list. This is normally a feature in powerful security solutions such as Kaspersky Internet Security. 
  • Access the internet on a secure network. Avoid public Wi-Fi and choose VPN which will provide you with a secure connection that will prevent an attack on your personal information.
  • Charge your device on a wall socket, as possibly as you can. Not all electricity is equally good for your device and connecting them to aftermarket (non-original) charger can turn devices into expensive bricks. And get this: USB ports are designed not just for charging but to transfer data. Attackers can get your phone number, download your contacts, or install malicious apps. Attackers can even call any of the numbers stored at your expense so if you’re roaming, you’ll go home with a shocking phone bill.
  • Stop yourself from clicking on unknown links or downloading attachments. A lot of malware come in the disguise of a confirmation letter as an attachment or downloadable file.