E-Coupons, Blackhats and the Top Cyber Monday Shopping Scares
Online holiday shopping season kicks into high gear on Cyber Monday, and security experts guarantee that cyber thieves will be primed to attack eager bargain hunters first thing in the morning.
As the first workday after Thanksgiving, Cyber Monday has become the biggest online shopping day of the holiday season, drawing $887 million in spending last year according to a comScore report. And where there's money being spent, there are criminals trying to filter it into their pockets with schemes and scams.
On the list of treacherous scams shoppers that should be prepared to encounter Nov. 29 are fake e-coupons. Shoppers are always searching for great bargains and hackers have the ability to offer the very best deal at least at first glance.
Fake e-coupons work by touting unbelievable savings on the item that consumers have been looking for. But pursuing the savings offered by the fraudulent coupon can let hackers gain access to users' personal information, including credit card numbers.
"The bad guys will user your attempts to be frugal against you, often to steal the very money you tried to save," said Tim Armstrong, a virus researcher at the security firm Kaspersky Lab.
Cyber criminals know what works and will try to trick people by setting up malicious sites using trusted sites such as eBay and Amazon, Armstrong told SecurityNewsDaily. Those fake sites often contain malicious software such as the Zeus Trojan, designed to steal users' credit card information even on trusted online banking sites.
Armstrong recommended dedicating one credit card specifically to online shopping.
Poisoned search results -- referred to as "Blackhat SEO" (search engine optimization) -- occur when scammers fool search engines such as Google and Yahoo "so that infected links rank at the top of your favorite search engine's results on any topic of their choosing," Armstrong said.
Poisoned search results are especially effective around holidays, when shoppers often type a particular item into a search engine rather than look for a specific site.
This is where hackers thrive. In fact, the security firm Webroot surveyed more than 2,500 consumers in the United States, United Kingdom and Australia and found that 59 percent of those who use search engines to find gifts will trust the first few pages of results. This is a significant number, considering the survey also showed 55 percent of people plan to buy at least half their gifts online.
To steer clear of Blackhat SEO this season, Webroot urges shoppers to "go straight to the site."
Webroot also recommends creating separate, complex passwords for each site where users have an account. According to the survey, only 37 percent of people already follow this advice. Extra care is urged when visiting the e-commerce site PayPal , which consistently ranks as a top target for hackers.
When making a final purchase through a website, Webroot advises, people should, "look for the signs of security." Secure sites will have a padlock icon in the browser's status bar. At sites using secure sockets layer (SSL) encryption, the address bar will turn green on secured pages.
Its also recommended that shoppers make sure the retail site begins with https://. Webroot found that 52 percent of consumers don't check for that important website prefix.
It's an oldie but a goodie in the cybercriminal world. A phishing scam sends an e-mail that look reputable, often with pleas to donate to the less fortunate during the holiday season.
Tied in with social engineering attacks, scams like these play directly into people's sympathy, which may be heightened during the holidays.
But as Armstrong explained, Your donation doesn't go to the organization, and the bad guys collect and then sell your identity info in underground dark markets.
If people want to open their hearts and wallets, Armstrong told SecurityNewsDaily, always go directly to the actual website address of any charity or organization you are thinking of donating to. Don't even click on links in e-mails or on search engines to get there.
Social network scams
More than 500 million people are on Facebook, a veritable feeding ground for hackers looking to quickly and effectively spread their holiday-theme scams around.
But security experts warn that posts and private messages, even ones that appear to be from friends, can be corrupted and lead to evil sites or software.
If something online looks suspicious or too good to be true, the security community says it probably is.