Volume 6 Number 48 December 4, 2009

Beware the cyberscams of holiday shopping

According to Consumer Reports, cybercriminals have bilked $8 billion from consumers in the past two years. Watch for scams and cheats when you are web shopping this holiday season.

McAfee security company has made a list of scams of the holiday season, warning of the most common swindles crooks will use to get your money as you cybershop. Not only pretending to sell you something that will never ship, the crooks also operate by grabbing your identity or gaining access to your bank account.

According to Jeff Green, senior vice president of McAfee Labs, these thieves follow seasonal trends and create holiday-related web sites, scams and other convincing e-mails that can trick even the most cautious users.

Scam 1: Charity phishing - be careful to whom you give
Scam 2: Fake invoices from delivery services to steal your money
Scam 3: Social networking - a cybercriminal wants to be your friend
Scam 4: The dangers of holiday e-cards
Scam 5: Luxury holiday jewelry comes at a high price
Scam 6: Practice safe holiday shopping - online identity theft on the rise
Scam 7: Christmas carol lyrics can be risky holiday searches
Scam 8: Outbidding for crime – auction site fraud
Scam 9: Password stealing scams
Scam 10: E-mail banking scams

Don’t let them get away with it! Never click on links in e-mails, which can easily redirect you to false or misleading web sites. If you create a new account use a unique password with letters and symbols, rather than using the same password for all of your logins.

Scam I: Charity Phishing Scams – Be Careful to Whom You Give

During the holiday season, hackers take advantage of citizens’ generosity by sending e-mails that appear to be from legitimate charitable organizations. In reality, they are fake Web sites designed to steal donations, credit card information and the entities of donors.

Scam 2: Fake Invoices from Delivery Services to Steal Your Money

During the holidays, cybercriminals often send fake invoices and delivery notifications appearing to be from Federal Express, UPS or the U.S. Customs Service. They e-mail consumers asking for credit card details to credit back the account, or require users to open an online invoice or customs form to receive the package. Once completed, the person’s information is stolen or malware is automatically installed on their computer.

Scam 3: Social Networking – A Cybercriminal “Wants to be Your Friend”

Cybercriminals take advantage of this social time of the year by sending authentic-looking “New Friend Request” e-mails from social networking sites. Internet users should beware that clicking on links in these e-mails can automatically install malware on computers and steal personal information. Instead of clicking on the link, directly log in to your account to approve friend requests.

Scam 4: The Dangers of Holiday E-Cards

Cyber thieves cash in on consumers who send holiday e-cards in an effort to be environmentally conscious. Last holiday season, a computer worm came in masked as Hallmark e-cards and McDonald’s and Coca-Cola holiday promotions. Holiday-themed PowerPoint e-mail attachments are also popular among cybercriminals. Be careful what you click on.

Scam 5: “Luxury” Holiday Jewelry Comes at a High Price

McAfee Labs recently uncovered a new holiday campaign that leads shoppers to malware-ridden sites offering “discounted” luxury gifts from Cartier, Gucci, and Tag Heuer. Cybercriminals even use fraudulent logos of the Better Business Bureau to trick shoppers into buying products they will never receive.

Scam 6: Practice Safe Holiday Shopping – Online Identity Theft on the Rise

Forrester Research Inc. predicts online holiday sales will increase this year, as more bargain hunters turn to the Web for deals. While users shop and surf on open hotspots, hackers can spy on their activity in an attempt to steal their personal information. McAfee tells users never to shop online from a public computer or on an open wi-fi network.

Scam 7: Christmas Carol Lyrics Can Be Risky Holiday Searches

During the holidays, hackers create fraudulent holiday-related web sites for people searching for a holiday ringtone or wallpaper, Christmas carol lyrics or a festive screensaver. Downloading holiday-themed files may infect one’s computer with spyware, adware or other malware.

Scam 8: Outbidding for Crime – Auction Site Fraud

Scammers often lurk on auction sites during the holiday season. Buyers should beware of auction deals that appear too good to be true, because often times these purchases never reach their new owner.

Scam 9: Password Theft is Rampant

Password stealing scams proliferate during the holidays, as thieves use low-cost tools to uncover a person’s password and send out malware to record keystrokes, called keylogging. Once criminals have access to one or more passwords, they gain vast access to consumers’ bank and credit card details and clean out accounts within minutes. They also commonly send out spam from a user’s account to their contacts.

Scam 10: E-Mail Banking Scams through Official-looking E-mails

Cybercriminals trick consumers into divulging their bank details by sending official-looking e-mails from financial institutions. They ask users to confirm their account information, including a user name and password, with a warning that the account will become invalid if they do not comply. Then they often sell this information through an underground online black market.

Internet users should follow these five tips to protect their computers and personal information:

1. Never Click on Links in E-Mails: Go directly to a company or charity’s Web site by typing in the address or using a search engine. Never click on a link in an e-mail.

2. Use Updated Security Software: Protect your computer from malware, spyware, viruses and other threats with updated security suites.

3. Shop and Bank on Secure Networks: Only check bank accounts or shop online on secure networks at home or work, wired or wireless. Wi-Fi networks should always be password-protected so hackers cannot gain access to them and spy on online activity. Also, remember to only shop on Web sites that begin with https://, instead of http://, meaning a secure site.

4. Use Different Passwords: Never use the same passwords for several online accounts. Diversify passwords and use a complex combination of letters, numbers and symbols.

5. Use Common Sense: If you are ever in doubt that an offer or product is not legitimate, do not click on it. Cybercriminals are behind many of the seemingly “good” deals on the web, so exercise caution when searching and buying.

Courtesy of McAfee Labs.