Security expert company ESTsecurity (Representative Jeong Jin-il) revealed five information security rules that users must follow for a safe Lunar New Year holiday on the 18th.

▲ Prohibition of illegal file downloads via file-sharing sites

As the flu and COVID-19 are spreading simultaneously, many people are expected to spend the holiday period watching movies or dramas instead of going home.

Files distributed through file-sharing programs are likely to contain malware, and video streaming sites that are free to watch often come with a lot of advertising for revenue generation, which can automatically download malware through their servers, requiring special caution.

When downloading content or watching videos, you must use the official route, and if an unintended file is automatically downloaded during web surfing, it must be deleted immediately. It is also advisable to install a reliable antivirus such as ALYac to protect your PC safely.

▲ Caution against phishing pages that attempt to steal account information

During the holiday period, when internet use increases, it is expected that phishing attacks attempting to steal account information will intensify.

Attacks that steal account information are primarily attempted through phishing emails containing links to phishing pages, and lately, attacks that attempt to steal account information by displaying a portal login popup when accessing a normal page have also been frequently detected.

If account information is leaked, it may lead to secondary and tertiary attacks using the leaked information, which can cause additional damages, so special care is needed.

When receiving emails, it's important to check the sender's address and always verify the URL of the visited page. Additionally, setting up two-factor authentication can further strengthen individual account security and prepare for any eventualities.

▲ Be cautious of smishing texts that induce 'Callback'

Many gifts are exchanged during the holidays, and smishing related to shopping malls and overseas direct purchase payment content is expected to increase.

Rather than including a malicious link in an SMS, smishing that induces callbacks by incorporating a number such as customer service is rampaging. If you call the number, it will try to steal personal and financial information by leading to the installation of a malicious app after verifying your identity, and recently the same type of smishing with content like opening financial accounts, issuing certificates, etc., has been detected, so special care is needed.

If you receive a suspicious SMS, do not call back but immediately delete it, and installing a mobile-specific antivirus such as ALYac M is recommended to keep mobile devices safe.

▲ Caution against using open Wi-Fi

During the holiday period when many people travel, caution is needed against information leakage through open Wi-Fi.

Open Wi-Fi has the advantage of reducing personal data charges, but there are various risks such as malicious users inducing user access by disguising a normal SSID or redirecting them to phishing pages through DNS manipulation.

It is recommended that users minimize the use of open Wi-Fi, and if it must be used, avoid financial transactions or services that require login, and use cellular data when checking sensitive materials.

▲ Caution against hacking attacks targeting corporate confidential information

Caution is needed against hacking attacks targeting corporate confidential information.

Hacking attacks targeting companies occur frequently during holidays and weekends when most corporate security personnel are away.

Corporate security personnel should check internal infrastructure and employee PCs before the holiday period, patch vulnerabilities and prepare to respond promptly in case of a hacking attack through backups of important data and updating emergency contact networks.

Meanwhile, ESTsecurity is running an intensive monitoring system to prepare for email and smishing attacks using holiday-related keywords, through cooperation with the Korea Internet & Security Agency (KISA), and is preparing for cybersecurity incident response. In particular, they emphasized special caution as timely measures are difficult to take due to the absence of responsible personnel if a cyber attack occurs during the holiday.