The holiday season brings a number of things with it – in addition to festivities and season's greetings, consumers are also looking to purchase gifts and find the biggest discounts and deals possible. However, cybercriminals are aware of this fact, and use the uptick in online activity and e-commerce to expand their attack scope.
Unfortunately, the end-of-the-year shopping rush can also bring malicious actors out of the woodwork, seeking to spread malware and steal valuable personal information. So what threats and risks do consumers face this year, and how can they protect themselves? Let's take a look:
Back to basics: Tried-and-true malicious strategies
Each year, hackers trot out a few approaches that shoppers have likely seen and been warned about before. Even though awareness is a bit higher for these malicious strategies, cybercriminals continue to utilize them, simply because they work.
One such trick is to create fake promotions or sales to attract victims to click a malicious link and unleash malware onto their device. According to Trend Micro, hackers know shoppers are on the hunt for the best deals possible, and use this knowledge to their advantage during the holiday season.
"Cybercriminals respond by churning out fake promos and deals, all to steal information and to spread malware," Trend Micro pointed out.
In recent years, many consumers have also begun sending e-cards as opposed to traditional holiday cards in the mail. Hackers have started utilizing this practice to spread malware as well by creating legitimate-appearing e-card sites. When users provide the recipients' email addresses, cybercriminals send them what looks like a festive card, but is actually a front for a malicious infection.
So how can users protect themselves from fraudulent sales and e-cards? One of the best ways is to avoid unfamiliar brands or websites, no matter how good the deal being offered might be. It's helpful to check the Web address to ensure that nothing is off – a misspelled or shortened brand name could be a sign of a fake.
'Tis the season for spam and phishing
In addition to offering up fake promotions and e-cards, hackers also leverage a higher number of spam and phishing campaigns during the holidays. Phishing emails that target specific consumers or groups of users are highly popular with cybercriminals at the end of the year.
For instance, Trend Micro reported that in 2013 one popular phishing scheme involved a spam email sent to British users offering cheap flights to popular tourist destinations. The email featured the name of a well-known airline, as well as an attached file that promised even more available destinations. However, the attached .PDF was a well-disguised executable file designed to steal personal information.
Hackers have also created spam and phishing campaigns to target customers shopping for the season's hottest gifts. For instance, cybercriminals have established phishing sites offering everything from mobile devices to an array of toys, video games, jewelry and more. During the 2013 season, smartphones and tablets were some of the most popular gifts, and 27 percent of the phishing sites discovered by Trend Micro researchers offered fake discounts on these products meant to entice victims into sharing personal information.
Spotting a fraudulent email or phishing website is a bit difficult, but if users exercise caution during their online activities, they can protect themselves. This time of year is one of the busiest when it comes to spam emails. For this reason, users should never open an email or an attachment from an unknown sender.
Before filling in payment card information or other sensitive details on websites offering deep discounts, shoppers should double check the Web address and look for signs of security. Legitimate retailers utilize SSL encryption to protect sensitive information during a transaction. Customers can look for the SSL seal on the payment page or a small green lock that will appear in the Web address bar before providing any personal information.
Moving to the mobile platform
Hackers have also expanded their scope to mobile devices. According to the Kiplinger's Personal Finance magazine editors, cybercriminals have established phishing campaigns targeting mobile users. These typically come in the form of text messages requesting charitable donations, or offering discounts or gift cards from well-known retailers.
"There's a good chance they're fake," Kiplinger's editors stated. "If you respond, you may be prompted to divulge personal information, such as your credit card number."
As text messages are usually not encrypted, this would mean sending personal information in plain text via an unprotected platform, which is never a good idea.
Cybercriminals have also begun creating fake mobile apps to target victims during the holidays. These might be seasonal games or apps promising the biggest shopping deals. Whatever the case, these are similar to legitimate-appearing phishing websites – they are established solely in an attempt to steal personal information. Oftentimes, fake apps can be spotted by their permissions – a holiday game app, for example, shouldn't need permission to access your contacts, GPS location and other factors that have nothing to do with the game itself.
Overall, the holiday season brings numerous threats and risks. However, if users are aware of these vulnerabilities, are careful during their shopping and know what to look for when it comes to malicious activity, they can reduce their chances of infection.
A solution specifically created to help safeguard online activities – like Trend Micro's Premium Security 10 – is also a valuable asset during this time of year. To find out more, contact Trend Micro today.