The holiday season is upon us, and that means shopping, shopping, shopping! However, the holiday season is also the time for cyber criminals to get to work. If you shop online, you need to understand the tools used to try to trick you into providing access to sensitive information.
One such method is malvertising, which is the practice of using web advertisements to spread malware. Malvertisers use online advertisements that include attractive deals with sensational prices to get consumers to click on malicious links in spoofed or fake online ads.
Here are some ways to help you identify potential malvertising ads — beware of ads that:
n Are poorly designed.
n Have catch phrases, such as “Click here now.”
n Contain spelling or grammar mistakes.
n Don’t have matching hyperlinks when you hover over them with your mouse.
n Contain pop-ups that are unrelated to your recent search history or browsing behavior.
If you have any doubts, even on a secure website you trust, do not click on the advertisement as it could embed malware and compromise your computer.
Although section 5-2 of Handbook AS-805, Information Security, states that “Management … may permit employees to make limited personal use of Postal Service office equipment” for such things as an occasional brief internet search, it is best to limit online shopping to your home computer. This lowers the risk of compromising the USPS® network (See about.usps.com/handbooks/as805/as805c5_002.htm for more details).
To report a suspected cybersecurity incident on USPS-issued equipment, call the Cybersecurity Operations Center at 866-877-7247 or send an email to CyberSafe@usps.gov. You may also call the IT Service Desk at 800-877-7435.
For general cybersecurity information, visit the CyberSafe at USPS® websites on Blue (blue.usps.gov/cyber) and LiteBlue (liteblue.usps.gov/cyber).
— Corporate Information Security Office,
Chief Information Security Officer
and Digital Solutions, 12-5-19