Be wary of unsolicited messages, according to the US-CERT. Rather than clicking on links from banks, retailers and other online merchants, recipients should type in the web address directly into their browser, say security experts. Some messages are designed to appear to come from legitimate senders, but instead contain links to a phony web page masquerading as a legitimate website.
In April, a phishing campaign used the Boston Marathon bombing to lure people into viewing videos, photos and other content related to the incident, according to Symantec. The campaign used an automated toolkit to set up the attack, sending victims to a malicious web-page-hosting, data-stealing malware.