Criminals and scammers are targeting online shoppers looking for deals with too-good-to-be-true offers for Cyber Monday.

Shoppers planning to search for that perfect gift are gearing up for online
deals on Monday after Thanksgiving. Security experts warned that scammers are
also ramping up their efforts for the biggest online shopping day of the year.

With close to
$1 billion in online sales, last year's Cyber Monday surpassed Black Friday as
the highest-volume day for holiday shopping. This year's Cyber Monday is
shaping up to be even bigger, with shoppers expected to do more than a third of
their holiday shopping online, to the tune of $1.2 billion, according to the
National Retail Federation.

"More holiday shopping will happen online this year than last, and that means
more scammers will be looking to do some shopping of their own, possibly at your
expense," said Stephen Cobb, a security evangelist for ESET.

The term "Cyber Monday Deals" has seen a 400 percent increase in the
month of November, according to search statistics available from Google.
Cyber-criminals created fake Websites targeting keywords such as
"tech," "jewelry" and "toys" that poison search
and appear high on results pages. When users land on these optimized pages,
they are redirected to other malicious sites that download malware onto their
computers or trick them into divulging personal information.

Organizations are also at great risk on Cyber Monday, since a significant chunk of the online
shopping will occur while people are at work. In fact, almost 60 percent of the
nearly $900 million in online purchases two years ago on Cyber Monday were made
from the workplace, McAfee said. While shopping, consumers will be
"putting their organizations at risk for malware, spam, phishing scams"
and other threats, the company said.

Scammers are also pushing out malicious emails pretending to have special Cyber Monday
deals. Users should "beware of everything and everybody," Michael
Sutton, vice-president of security research at Zscaler ThreatLabZ, told eWEEK.

Users need to be "cautious, vigilant and wary about everything," including
search results, what links
to click on, what information is provided online, who sends a message on social
networks and what emails arrive in the in-box, according to Sutton. Users
should not click on links to avail themselves of deals, since if it sounds too
good to be true, it probably is.

McAfee recommended that organizations remind employees to be aware of social
engineering tricks and offer examples of common scams, such as fake e-cards and
offers of free expensive gadgets or deals.

The research team at German security company "eleven" warned about emails
promising a $50 iTunes gift certificate. The messages come with the subject
line "iTunes Gift Certificate" and have a Zip file attached, which
allegedly contains the special shopping code to use on the site. When the Zip
file is opened, it actually executes the Trojan that installs itself and phones
home to a remote server for additional instructions, eleven said.

Users should make sure their operating system has the latest patches and that all
software, Web browser and security tools are up-to-date. Users need to exercise
caution when going online, regardless of the device being used, whether it's a
laptop or desktop, a mobile device or a Web-enabled device.

recommended monitoring user activity or locking down Internet access to cut
down the probability of malicious activity within the organization. Since
employees are just as likely to use their devices when shopping instead of
using the company-issued system, Staples recommended segmenting the network,
such as creating a "guest network," to separate network traffic
generated by personal devices from corporate resources.

Users should also shop from major retailers and reputable sellers known for delivering what
they offer. The online merchant should have invested in basic security
measures, such as having a valid Secure Sockets Layer (SSL) Web server
certificate from a reputable provider, Mark Bower, a vice president at Voltage
Security, told eWEEK.

Transactions, regardless of the device being used, should be done over a secure
connection because, otherwise, a third party can intercept the information.