Beware of Online Grinches

Ensure your holidays remain happy by avoiding these online shopping hazards
Dec 2010
by Robin Wark

Cyber criminals have become masters of social engineering techniques. They use holiday themes to prey upon people. We're taking a look at some of the schemes and threats that you should watch out for this holiday season.

Facebook
In late November, a warning was spreading quickly on Facebook about a Christmas tree app being a Trojan virus. While security companies have said it was just a hoax, the popular social networking site is definitely a place where malware is spread. Clicking on links can take you to unwanted sites that request you click to download a fake video codec to view something, but are really trying to install malware. One software company reported that 66 per cent of malware in their database are Trojans focused on collecting sensitive data. These malicious programs attempt to collect your credit card number, banking information and even social networking credentials to be used to drain your accounts, rack up bills or for identity theft.

Twitter
As of late, there have been many reports of holiday-themed Twitter tweets that lead to sites that try to infect your computer with malware. Some of these tweets include titles like "Nobody Cares About Hanukkah" or "Shocking Video of the Grinch." As with the Facebook threats, many of these try to get you to download a fake video codec. Some experts advise people to avoid clicking on links in top trending topic areas - especially in Twitter as you usually cannot see the whole URL - to avoid being infected.

Web
Everyone is looking for a deal during the busy shopping season. You should be wary of deals online that are too good to be true and stick to reputable online stores. If using eBay, check out the seller's reputation. As well, it is a good idea to carefully watch your credit card account for fraudulent charges. If you use your card a lot during the holiday season, a fraudulent charge might slip by if you are not careful.

Free is certainly an eye-catching word. Unfortunately, some "free" deals online come with a pretty big price tag. With iPads being a popular item this year, there are numerous reports of scams where people are offered one free. In some cases people are asked to purchase another item, but it is just a scam to get their credit card or banking info. They never receive either product. Other versions include people taking a quiz, which really is a sign-up for a mobile phone scam that reportedly costs $10 a week. There are also various similar gift card scams being reported.

While some people are looking for gifts online, other are seeking ways to make extra cash to pay for Christmas. There are various scams that claim to offer high-paying, work-at-home jobs. However, the real goal is to get information that could be used in identity theft. Thieves can then set up accounts in your name.

Travellers should also be careful when planning their vacation getaway. Cyber criminals have been known to set up fake holiday rental websites. They often ask for down payments via credit card or bank transfers.

Email
During the holiday season, your inbox might be bombarded with emails for some of the scams explained above. It is also good to be wary of e-cards. They are an easy and environmentally friendly way to send Christmas greetings, but hackers have been known to load fake ones with links to computer worms and viruses. As with any email, it is a good idea not to click on links in messages and especially not from unknown senders.

Emails asking for funds for various charities is also a very common scam. It is a good idea to plan your charity giving in advance and stick to it. Visit your charities' websites directly by doing a search or typing in a URL and not by clicking on a link in a message.

Cell phone
More and more people are using their smart phones to do their shopping. On these you often can't see a full website address so it is important not to click on links in advertisements in email messages.

Smishing is a common trick criminals use to catch cell phone users. Smishing is a phishing scheme using Short Message Service (SMS) texts. The texts appear to come from a reputable company, often your bank, but are really a scam. They might say there is something wrong with your account and ask you to call to a number to verify your information. It is a ploy to get your confidential data.

The holidays are a great time of year, but you need to be careful. By being aware of common schemes, such as the ones above, and exercising caution you can avoid being caught by a cyber Grinch.

Microsoft is a registered trademark of Microsoft Corporation in the United States and/or other countries.