Cyber security expert: Don’t open that email

After Santa has come and gone, the stockings are emptied and the holiday decorations put away, yet another surprise could be waiting in your email inbox. The period between Thanksgiving and tax season is known in the Internet security community as prime time for cyber criminals to attack.

“Pretty much from November to the end of April, a lot of cyber crime really spikes in that five and a half month time,” said Gary Hayslip, Chief Information Security Officer for the City of San Diego.

Experts say cyber criminals are hoping to take advantage of a boost in online shopping and credit card activity, especially as many people file their taxes online. The most common scams come in the form of emails asking for money or personal information.

“This happens a lot during Christmas, people are shopping,” said Hayslip. “They’ll get emails from, they’ll get emails that say something is wrong with your credit card account, click this link to go to the help desk to fix it, of course that link is taking you to Moscow or Kiev, it’s not taking you to Amazon.”

Hayslip describes these cyber crime networks as sophisticated, operating in countries around the world where punishments are relatively low. And, he says, they’ve learned how to target their scams to their victims through social engineering.

“Forget what Hollywood tells you about hackers, throw that out the window,” said Hayslip. “They’re not kids in people’s basements. A lot of the cyber criminals are very professional organizations.”

When the average person goes online, he only see about 20 percent of what’s really contained in the Internet. The so-called “dark web” is not mapped by well-known search engines like Google and Yahoo. The dark web is where hackers and criminals interface, sell data and stolen credit cards, and learn to customize their scams to different cultures and languages.

Often, criminals will disguise their emails as messages from well-known companies like UPS, FedEx, even Microsoft. The email might warn a user that his computer has a virus and include a link. But before you click, beware. An innocent mistake could instantly download malware onto your device, giving the hackers access to your accounts and your contact list.

“When most people get an email, they want to trust that email,” said Hayslip. “And I say it’s healthy to be a little paranoid.”

The best way to protect yourself? Hayslip and his colleagues have a few basic suggestions they call “cyber hygiene.” First, install the most recent updates on your devices. Second, use anti-virus software and make sure it’s updated.

Finally, when in doubt pick up the phone.

“Any kind of emails that are asking about information, financial information, it looks like it’s a family member and it’s an emergency, ignore the email and make a phone call, reach out and talk to somebody,” said Hayslip.