Photo (cc) by Stéfan
We’ve already told you about The Top 5 Holiday Scams for 2010 and the 5 Pitfalls of Online Holiday Shopping. To complete the trio, let’s talk about what you can do to protect yourself before, during, and after you buy that perfect online gift.
“During the holidays, the rush to quickly buy presents drives consumers to let their guard down and bypass their normal security precautions,” says Boris Yanovsky, vice president of software engineering at SonicWall. “Phishers and scammers are expecting this. Unfortunately, consumers won’t learn the extent of any damage until it’s already too late and the holidays are over.”
Yanovsky advises online shoppers to “arm themselves against the flood of holiday-related threats.” Here are his nine tips for doing just that…
1. Purchasing and payments
“Phishing for additional personal information such as your credit card number is common during the holidays,” SonicWall says. You might receive an email purportedly from Amazon or eBay that they “were unable to process your credit card transaction.” Don’t reply to the email. If you actually have a pending transaction with an online merchant and suspect there could be an issue, go to their site and see what’s up.
When you’re buying something online, look for the “lock” icon on any page that’s asking for information. Says SonicWall…
“There is a de facto standard among web browsers to display a ‘lock’ icon somewhere in the window of the browser (NOT in the web page display area!). For example, Microsoft Internet Explorer displays the lock icon in the lower right of the browser window.”
When you see the icon, Click (or double-click) on it to see details of the site’s security. This is important to know because some fraudulent web sites are built with a bar at the bottom of the web page to imitate the lock icon of your browser.
Also check the web address and make sure it starts with the letters “https” – that “s” on the end is crucial, because it means “secure connection.”
2. Holiday offers from your favorite retailer
Email offers abound each holiday season – some legit and some perhaps not. Problem is, reputable companies you want to hear from get mixed in with the dangerous stuff, and it becomes hard to tell the difference.
Make sure that offer is legitimate first by hovering your cursor over any links in the message to see where they’re directing you, then by double-checking the offer by going to retailer’s website. And, SonicWall says, “If you do respond to a legitimate offer, use a primary email address for people you know and get yourself a secondary address for all other purposes. Never respond to suspicious offers, as this will confirm to the sender that your email address is ‘live.”‘
3. Social media threats
While most people know to be careful who they friend on Facebook, the holidays are easy pickings for phishers and spammers who pretend to be “reconnecting” during this joyous time of year. You may also get special holiday “offers” or invitations to play “games.” So check those privacy settings and be a social media grinch.
4. Discounted gift cards
Gift cards are one of the hottest items this holiday season, with 62 percent of shoppers saying they’ll buy at least one as a present. So the bad guys know how to lure you into their trap – by offering discounted gift cards. Says SonicWall…
“Check with the retailer and use PayPal when making your purchase. If the site asks you to mail in an order or does not accept PayPal or credit cards, be aware, as you may become the victim of fraud.”
5. Greeting card threats
We’ve all gotten those amusing electronic birthday or anniversary cards before. During the holiday season, your email inbox can be full of them. But clicking on an e-card can send you to a link that asks you to download some software to make the card play.
Instead, it can download a virus. It doesn’t even matter if you recognize the sender of the e-card, because there’s a fair chance their computer got infected with the virus, and it’s now replicating.
Bottom line: Don’t download anything to play an e-card. It’s not worth the chuckle.
6. Delivery threats (UPS and FedEx)
So you get an email that reads, “We tried to deliver your package, but were unable to reach you. Please click here to reschedule your delivery.” Any other time of year, you’d be skeptical. But you have sent some packages this holiday season, so you click. Congratulations, all your personal information has been harvested from your computer.
“As with any online business transaction, never click on links that arrive unsolicited,” SonicWall says. “When shopping or doing business online, instead go to the company website directly by typing the URL in your web browser instead of clicking on a link.”
7. Holiday-themed games and videos
Same thing goes for any “click here” messages for holiday games and videos. But let’s face it, these are hard to resists, especially when the email promises you can play “Elf Bowling.” And as mentioned above, if you click the video link, be suspicious if you’re asked to download a plug-in.
8. Popular Google search results
Google and other search engines are deleting malicious URLs all the time, but during the holidays, searches using popular keywords like “Christmas” can overwhelm them – and lead to malware getting on your computer.
“For example, a search for free printable Christmas stickers may lead to links that initiate a malware attack,” SonicWall says. “Make sure that your system is updated with the latest virus protection and the latest security patches.”
9. Harvest attacks after the holidays
Talk about a delayed reaction. Some sophisticated scammers use all these methods to take advantage of your goodwill toward men in December – and sit on your personal information until January.
Says SonicWall: “Online shoppers should brace themselves for online fraud and phishing attempts during the second and third weeks of January – about the time December’s credit card bills arrive.”