Computer maker Apple announced via its Website plans for a special one-day sale on Black Friday, the annual, unofficial kickoff to the holiday shopping season the day after Thanksgiving. “Come back to the Apple Online Store the day after Thanksgiving for a special one-day-only holiday shopping event,” the site said. “You’ll find dozens of great iPad, iPod, and Mac gifts for everyone on your list.”
One question on many consumers’ minds is what kinds of discounts if any Apple is preparing to offer on its iPad tablet, which has been selling well since its debut earlier this year. In years past, Apple has offered deals on a variety of devices, including notebooks, Apple TV appliances and iPods.
The company won’t be alone in offering tempting deals-Best Buy, Amazon, Walmart and a host of other retailers-online and in brick-and-mortar stores-are rolling out a slew of bargains. In addition, Apple’s App Store is crowded with applications designed to help consumers make the most of these deals.
However temping deals from Apple or other electronics retailers may seem, consumers have cause to shop cautiously. Attackers have set their sights on holiday shoppers searching for leaked Black Friday ads, creating malicious sites that appear on search engine result pages, according to a Nov. 18 alert by IT security firm SonicWall. Called SEO poisoning, hackers create these pages that Google and other search engines pick up thinking they are legitimate, and return them when users type in the search terms.
Security experts at SonicWall UTM Research discovered “polluted” results appearing in search engine results for holiday shopping-related terms in advance of Black Friday sales, the company said. These links take users to a malicious site that tricks users into downloading malware. The terms include “Walmart Black Friday Sales 2010,” “Black Friday” and “Cyber Monday,” according to researchers.
PandaLabs, Panda Security’s anti-malware laboratory, is advising holiday shoppers to be extra wary when shopping online this holiday season. The company noted most of the malware it sees today is specifically built for extracting credit card information, Social Security numbers and other data, which can be used to facilitate identity theft. In fact, 66 percent of the threats in PandaLabs’ malware database are Trojans that specialize in sensitive data extraction.
“Cyber-criminals know this Friday and Monday are two of the biggest shopping days of the year, and Americans are going to be sharing tons of sensitive data online during this period,” said Sean-Paul Correll, threat researcher at PandaLabs. “It’s more important than ever for shoppers to follow best practices to avoid infecting their computers or turning over their private information into dangerous hands.”
Correll said cyber-criminals are particularly skilled at exploiting critical vulnerabilities in operating systems and commonly used applications. Computer users are often silently redirected to a Website with a carefully crafted malicious payload that leaves the computer infected with data-stealing malware or extortion-based threats. In addition to updating your system, PandaLabs strongly advised consumers to update Adobe Flash, Adobe Reader and Java software, which are all commonly targeted by cyber-criminals.
“Cyber-criminals have no limits, and will create fake advertisements [and] shopping carts, poison various search terms and more in order to infect your computer and steal your personal data,” a PandaLabs security alert warned. “If you’re unsure if a site is legitimate, run a search online to see if you can determine whether it’s widely known. If you can’t find details on a retailer, PandaLabs advises holiday shoppers to take their business elsewhere.”