Cybercriminals take advantage of increased shoppers who lower their guard during the holidays.
Davor Pavelic/Ikon Images/Corbis
You downloaded the app because it advertised fantastic holiday deals. Who could resist?
You open it up and it looks like a copy of Amazon, but it doesn’t work very well. Frustrated, you delete it. Problem solved, right?
Not so fast. The malicious app has already gotten its claws into your phone, collecting your personal information. Discovered by security researchers at zScaler, this is real. It’s one of many attempts hackers and fraudsters will make to take advantage of your zeal for deals.
Cyber Monday, the annual online shopping spree after Thanksgiving weekend, might seem like a dream come true. Who wouldn’t love all those deals? But there’s someone else who might be even happier than you are about that discount e-reader or smartwatch. That would be criminals.
“For cybercriminals, Cyber Monday is like Christmas,” said Tim Erlin, an executive at cybersecurity company Tripwire who focuses on fraud in commerce. As sales jump up during the holidays, so does fraud.
A whopping 40 percent of annual online fraud happens during the last three months of the year, according to Rurik Bradbury, a marketing executive at e-commerce security company Trustev.
Why so much? The holiday shopping season creates the perfect combination of ingredients for fraud. Take a heaping helping of shoppers online, which means a lot more credit cards and personal information available to steal. Add in a generous number of those those shoppers throwing caution to the wind by clicking on links that promise fabulous deals. Now sprinkle a dash of passwords that people reuse for their Facebook, bank and work accounts.
Psych! This fake log-in page for eBay, found by security experts at Webroot, could have tricked you into handing over your credentials and potentially your credit card number. The Web page pictured is no longer active.
Screenshot courtesy of Webroot.
All hackers have to do is cook up an app or set up fake deal websites, and then attract you with an email promising great deals. Click the link and — bam! — you’ve downloaded malicious software. Your computer or phone is now compromised by hackers. You don’t even have to hand your credit card number over to the criminal. Though if you do, it’s even worse.
While hackers are getting better at tricking us, we’re also using the Internet much more for shopping. Last year, Cyber Monday sales exceeded $2.5 billion in the United States, according to a report from financial analyst firm Forrester, which called the day of online deals, “the single largest online shopping day of the year.” Forrester analysts expect this year’s Cyber Monday to be just as strong. Total online holiday spending should go up, too, according to the National Retail Federation. E-commerce holiday sales could tally as high as $105 billion.
What’s more, criminals might be more driven this year to take their fraud online. That’s because it’s getting harder to steal credit card information from in-store computers with the introduction of new chip technology in the US that’s already popular overseas. Experts say that will squeeze more fraud into the e-commerce realm, rather than eliminating it altogether. It could increase as much as 106 percent, according Trustev research.
But Santa, I’m trying to be good
The good news is that you can protect yourself by keeping in mind the same tips that keep you safe year round. Visit established retailers’ Web pages by typing in the Web address in your browser or by using a trusted search engine. Don’t go to the website from a link in an email or your second cousin Lisa’s Facebook post, for example.
Related Cyber Monday coverage
The best Cyber Monday tech deals we’ve found so far
RIP Cyber Monday, long live Cyber Sunday
Black Friday and Cyber Monday deals for PC gamers
See all our Cyber Monday coverage
You should also monitor your credit card statements after you make your purchases. Oftentimes criminals who’ve reaped your information from a scam will test out your card with small purchases to make sure it’s valid. They usually do it pretty quickly.
Credit card issuers also suggest signing up for transaction alerts that will send you a text message for all transactions over a certain amount. Some credit card companies also let you tie the location of your smartphone to your credit card. If someone makes a purchase in Albuquerque, New Mexico, and you’re with your phone in Bangor, Maine, the fraudster will have no joy.
Do all that, and you’ll be prepared. Just remember the hackers have been preparing for this for months. Just like you, they want goodies, Erlin said, and that’s why they go to so much trouble.
If you’re a fraudster without a Cyber Monday scam, “then you won’t get the presents.”