While most shoppers are finishing up their online holiday purchases, some are still scrambling to get last-minute deals on gifts. The clock may be ticking on holiday shopping, but cybercriminals are shoring up their efforts to scam unsuspecting consumers in the last two weeks of the season.
"Many businesses are still rolling out deals to entice online shoppers, but with attractive Internet deals come the cybercrooks who design new ways to trick you into parting with your cash," said Troy Gill, senior security analyst at Web security firm, AppRiver.
Gill advised consumers to watch out for five major cyberscams as they finish up their e-commerce holiday shopping. Here's what they are and how to protect yourself from them:
Increased email threats. Spammers and malware distributors often craft messages to appear as legitimate correspondence from the likes of UPS, FedEx, PayPal and many other online shippers and retailers. This effective technique is used year-round, but during the holiday season, malware-laden emails can be slightly more convincing since many people expect shipping and payment confirmations after making online purchases. Despite the fact that these messages often look very believable, there are some common elements that should not appear in legitimate shipping or payment confirmation emails. Fake messages frequently include instructions to open an attachment or click on a link. If an email contains a questionable link, just ignore it and navigate to the company's website directly in the browser.
SEO poisoning. Cybercriminals use search poisoning tactics when they want to direct users to a hacked Web page. They begin by implanting malicious code on a Web page, and then utilize keyword injection to game search results. When users search for the scammer's keywords, they might come across an infected page, and if vulnerable, malware will begin to infect the device instantly with little or no detection. Cybercriminals often use popular product names as key terms, and what better audience for SEO poisoning than eager online shoppers searching for the best product deals? Pay attention to the sites listed in your search results. If you are looking for a good deal on a new iPad, for example, be suspicious when search results include a link to a blog or some other non-consumer goods website. It's likely that the blog was hacked and became a host for malware.
Fake e-cards. Each year, spam and virus filters quarantine millions of malicious e-cards. To the analytical eye, these cards are fairly easy to spot. But to the casual viewer, fake e-cards are convincing enough to wreak havoc. E-cards often infect users with spyware or ransomware, thereby stealing identities, banking credentials or nearly every file on your computer. Telltale signs that an e-card is malicious are unrecognized senders, and instructions to open an attachment, follow a link or download a file.
Shopping from unsecured networks. Many users seek refuge from the holiday crowds at the nearest coffee shop, where they can watch the action while making gift purchases online. Just be careful where you connect to the Internet when you make those purchases. If you're connecting to an unsecured public Wi-Fi hotspot, anyone can access your data using packet capture capabilities, or a man-in-the-middle attack. Bad guys can collect data such as credit card numbers, account logins/passwords, email communications and anything else that they can exploit for profit. The best thing you can do to avoid this is to browse the Web and create a list, but wait until you're on a secure connection to actually make the purchases. If you do use a public Wi-Fi connection, then pay close attention to your address bar to ensure you see the "https" prefix and do not enter personal information unless that connection is being made.
Counterfeit products. During the holiday months, there is a large increase in the number of websites pushing fraudulent items, and many more emails directing you to malicious sites. Common sense is usually the best deterrent for avoiding counterfeit products — a $50 Rolex is pretty obviously too good to be true. These bogus products can be avoided altogether by shopping with reputable retailers and doing some research on the ones you are not familiar with. Avoid shopping via banner ads and email offers, unless it's from a known, trusted source.
Originally published on BusinessNewsDaily.