Bad Santas are making their lists and checking them twice, gearing up to rip off consumers online with common scams that take the happy out of the holidays.
McAfee reveals their dirty tricks to educate the millions of consumers worldwide who want to enjoy safe shopping this holiday season:
1 – Charity phishing scams – many popular charitable organisations encourage consumers to think of others during the holiday season through emails asking for year-end donations. In fact, according to McAfee's recent holiday survey, almost 30% of US consumers plan to donate online this year.
Unfortunately, hackers also know consumers are in the giving spirit during the holidays and prey on their generosity through fake charity phishing emails.
Here's how it works: The hackers send fictional emails that appear to be from well-known charitable organizations, such as the Red Cross, the Salvation Army, and Oxfam, that direct consumers to fake Web sites designed to steal their money. The Web sites are generally very professional with a fairly high amount of graphical content and a good amount of verbiage designed to make the reader feel upset or guilty. Sometimes the layout and content of these fraudulent sites are copied directly from legitimate charity Web sites with simply a name and a logo changed.
To determine if an organization's site is legitimate, go directly to their Web site to donate. Don't ever click on a link sent in email.
2 – E-mail banking scams – the current economic climate is not only forcing over 95% of us to spend less money and buy fewer holiday gifts this season, but prompting hackers to take advantage of our bank account balance concerns to bah-humbug the holidays with another common phishing scam.
Financial institutions are the most common phishing scam targets. According to the Anti-Phishing Working Group, during the first quarter of 2008, 92% to 94% of all phish scams were financial-services related.
With these scams, the bad guys send an official-looking email that asks consumers to confirm account information, including their user name and password. These emails often try to fool consumers into thinking that if they don't comply with the instructions, their account will become invalid.
So remember, call your bank by telephone if you're concerned about your account. Never give your account details out as a result of an email request or you could fall victim to a popular phish scam designed to empty your wallet. And with the stress of the holidays, your guard might just be down enough that you fall for one of these scams.
3 – Holiday e-cards – most people never consider the dangers of e-cards, but unfortunately there are plenty of dangers, especially during the holiday season. For example, a scam that was popular in 2007 was a New Year's e-card that included a nasty surprise. When the consumer clicked on the link, they were brought to a malicious Web site that attempted to download Trojan software.
Here's another tricky example: Scammers may send you an e-card that appears as if it's coming from Hallmark asking you to download an attachment to pick up your e-card. However, the attachment isn't really an e-card — it's a Trojan.
A few clues that an e-card is not legit are spelling mistakes, errors in the message, unknown senders or senders with bogus names, and odd-looking URLs.
Remember – if in any doubt about the legitimacy of an e-card, don't open it. Never click on anything from an unknown source.
4 – Fake invoices – during the holidays, lots of friends and families order and send gifts online. This is no secret to stealthy Scrooges who try to trick consumers into giving away personal financial details through fraudulent invoices.
Here's how this scam works: The bad guys create a fake invoice or waybill and send it via e-mail as an attachment. Once the consumer opens the email attachment, there are a few variations: the recipient may be asked to confirm or cancel an order, they may be told that the parcel service was unable to deliver a package due to having an incorrect address, or the recipient may receive a customs notification about an international package.
In every instance, the e-mail either asks the consumer for their credit card details so that their account can be credited or requires the recipient to open an invoice or customs form to receive the package.
This kind of scam has been played on many consumers who believed they were receiving emails from delivery companies but instead were delivered a deadly Trojan program or other threat that can lead to identity theft or hacker control of a computer.
To protect yourself, never give your financial details over email to an unknown recipient or open a suspicious attachment. If you want to ensure you are reaching shipping sites like FedEx or UPS, open a browser and directly access the Web site. Also, ensure that your Internet security software is up to date to help spot Trojans and other forms of malware if you have opened a bad attachment.
5 – You've got a new friend – as the joy of the holiday season brings people together and reignites old friendships, many of us are excited when alerted with a message that says, "You've got a new friend!" when using popular social networking sites.
Sadly, in some cases, after clicking on the notice, you not only do not have a new friend, you have downloaded malicious software that you can't even detect. Of course, it's designed to steal personal and financial information. Stay away from "friends" you don't know.
6 – Dangerous holiday-related search terms – we love Santa too, but when clicking on the results of a "free Santa download" search, in addition to the Christmas-themed screensavers, puzzles, and pictures you find, you also could be clicking on adware, potentially unwanted downloads, and spyware.
In fact, McAfee's free and award-winning safe search tool, McAfee SiteAdvisor software, found that all of the following holiday-related search terms are risky: Free Santa holiday screensaver, Free holiday screensaver, Free Christmas screensaver, Free holiday downloads, Christmas tree download, Free Christmas wallpaper, Santa wallpaper, Santa screensaver, Santa ringtones, Santa mail download, Santa download and Free Santa music downloads.
When searching for fun holiday-themed downloads, make sure your holiday searches are guided by McAfee SiteAdvisor software – the simple green, yellow and red rating system will help you avoid any unwanted gifts you may get along with your Christmas downloads.
7 – Coffee shop cybercriminal – while everyone enjoys a warm gingerbread latte while surfing the Net at their local coffee shop, most are not aware of the dangers in surfing on unsecured networks. Attackers can jump on an unsecured wireless Internet connection with a program called a packet sniffer to see what Web sites users are visiting, the passwords they are using, and what bank accounts they are accessing.
Also, an attacker might set up a rogue wireless access point near a coffeehouse. If somebody unwittingly connects to the attacker's network, the miscreant can watch just about everything that goes on while that connection is in use and can redirect traffic, sending the unknowing user to the dark alleys of the Internet.
McAfee advises consumers to make sure they have updated security software including a firewall, they've updated the patches on their system – and most importantly, they check bank accounts and shop online from a known, secure wireless Internet connection.
8 – Password stealers – the McAfee holiday shopping survey found that 53% of consumers admit they use the same password for multiple Web sites or online services. Consumers need to know that free and low-cost tools exist that make it easy for bad guys to guess passwords and hack into users' PCs. That's a holiday visit no one wants.
McAfee Avert Labs found that attackers go after passwords for banks and e-commerce sites, multi-player online role playing games, instant messaging and finally, social networking sites.
Just as malware can be delivered invisibly via spam, consumers could get a password stealer downloaded to their PC without even knowing it.
When a user relies on the same password everywhere, an attacker only has to nab one password to hit all of that user's accounts. So this holiday season, be sure you have an updated comprehensive security software suite to help prevent access to password-stealing malware. This includes anti-virus, anti-spyware and a two-way firewall. Remember to check to make sure your subscription software is current – and not just trial software that might be expired.
9 – Fraud via auction sites – as nearly 40% of US consumers are expected to visit auction sites to find gifts this holiday season, shoppers must be aware of scammers who will use the increased activity of the holiday season to prey upon new victims. Be sure to read the security and safety policies from such sites.
Pay with a safe payment method such as PayPal or your credit card. These methods offer the most protection for buyers should something go wrong with the transaction.
10 – Holiday-themed e-mail attachments and spam – the bad guys know that emails with holiday-inspired subject lines are intriguing to most consumers. The recent McAfee holiday survey found that 49% of consumers have opened or would open an email with a holiday themed attachment.
Consumers should beware of emails that prey upon their holiday spirit, inviting them to look at homes bedecked with lights or PowerPoint presentations with vague holiday-related subjects. For example, last year an email made the rounds with a Microsoft PowerPoint called "Christmas Blessings" that contained malicious software.
Some examples of subject lines bad guys use to lure consumers into opening a friendly-looking email are "happy 2008 to you!", "happy 2008!" and "new hope and new beginning". Be wary when you see these titles and don't open attachments with odd-looking URLs.
11 – Online identity theft – online shopping offers the 3 Cs: cost, convenience and choice, but there's one more we learned about from the McAfee Shopping Survey: concern.
90% of consumers have some level of concern about shopping online. Unsure of where to shop, they rely on friends and family to determine the safety of a Web site, but friends can only advise on personal experiences, and some sites may have security issues that aren't readily apparent.
For example, sites that store your personal information can be vulnerable to cybercriminals who hack in to steal your identity. In fact, research shows that as many as 80% of Web sites have known vulnerabilities.
McAfee can help. The McAfee SECURE trust mark appears on more than 80 000 sites that pass daily testing for more than 10 000 known hacker vulnerabilities. Your personal information is safer on sites tested by McAfee SECURE because daily scanning for known threats can prevent Web sites from falling prey to the vast majority of hacker crime. Only valid sites that pass the McAfee SECURE service of daily testing can display the trust mark.
12 – Laptop theft – and the last way the bad guys can take the merry out of your Christmas is by outright stealing your laptop! According to the FBI's State of the Net Report (2007), chances of having a laptop stolen are 1 in 10, and according to the research firm Gartner, 97% of laptops are never recovered.
While you are out enjoying the festivities of the season, make sure to be particularly vigilant at this time of year and never leave your laptop in sight in your car.