e-Shopping Advisory for the Holiday Season

by CXOtoday Staff    Dec 09, 2008

* Buy from a trusted website: Are you buying from a trusted brand? Can you tell where the company you are buying from is based? Does the site provide you with contact details or an after sales service number? Are sale conditions available and printable? Do other online shoppers recommend this site?

* Make sure that you buy trusted products: Is the product legal in your country? Are you sure it is not a counterfeit product? Do you have sufficient information about the product? And is the product traceable?

* Make sure that personal details are protected: Before you validate a transaction, or verify your personal details, make sure you know how your personal details will be used (promotional purposes from the website, shared with related third parties, etc.

* Make sure that online payments are done in a secure environment: Use secure and trusted payment systems such as Digipass authentication to prevent fraudsters from accessing your personal and financial details.

Beware of these:

* Charity Phishing Scams:

Many popular charitable organizations encourage consumers to think of others during the holiday season through emails asking for year-end donations.

Unfortunately, hackers also know consumers are in the giving spirit during the holidays and prey on their generosity through fake charity phishing emails. The hackers send fictional emails that appear to be from well known charitable organizations, such as the Red Cross, the Salvation Army, and Oxfam that direct consumers to fake Web sites designed to steal their money.

* Email Banking Scams:

The current economic climate is not only forcing over 95% of us to spend less money and buy fewer holiday gifts this season, but prompting hackers to take advantage of bank account balance concerns to bah-humbug the holidays with another common phishing scam. Financial institutions are the most common phishing scam targets. According to the Anti-Phishing Working Group, during the first quarter of 2008, 92% to 94% of all phish scams were financial-services related.

With these scams, the bad guys send an official-looking email that asks consumers to confirm account information, including their user name and password. These emails often try to fool consumers into thinking that if they don’t comply with the instructions, their account will become invalid.

So remember, call your bank by telephone if you’re concerned about your account. Never give your account details out as a result of an email request or you could fall victim to a popular phish scam designed to empty your wallet. And with the stress of the holidays, your guard might just be down enough that you fall for one of these scams.

* Holiday e-cards:

Scammers may send you an e-card that appears as if it’s coming from Hallmark asking you to download an attachment to pick up your e-card. However, the attachment isn’t really an e-card — it’s a Trojan. This particular Trojan then waits for you to sign onto AOL. If and when you do, it displays a pop-up window that looks like an AOL form, but asks you to verify/update your AOL billing info by providing your credit card, checking account info, and Social Security number.

A few clues that an e-card is not legit are spelling mistakes, errors in the message, unknown senders or senders with bogus names and odd-looking urls. If in any doubt about the legitimacy of an e-card, do not open it. Never click on anything from an unknown source.

* Fake Invoices:

Spammers create a fake invoice or waybill and send it via email as an attachment. Once the consumer opens the email attachment there are a few variations of - the recipient may be asked to confirm or cancel an order, they may be told that the parcel service was unable to deliver a package due to having an incorrect address, or the recipient may receive a customs notification about an international package.

In every instance, the email either asks the consumer for their credit card details so that their account can be credited or requires the recipient to open an invoice or customs form to receive the package.

* Holiday-related Search Terms:

McAfee has determined a list of holiday-related search topics that it has deemed risky. These include free Santa holiday screensavers, holiday downloads, wallpapers, Christmas tree downloads, Christmas-related ringtones, etc. Clicking on these could leave you open to adware, spyware, and other malware attacks.

* Holiday-themed email attachments and spam:

Holiday-inspired subject lines are intriguing to most consumers. The recent McAfee holiday survey found that 49% of consumers have opened or would open an email with a holiday themed attachment. Consumers should beware of emails that prey upon their holiday spirit.

(Inputs have been provided by VASCO Data Security and McAfee Inc.)

Related links:
A Guide to Christmas Scams