MOUNTAIN VIEW, Ca. – McAfee is warning consumers about Bad Santas who are gearing up to rip off people who shop online during the holidays. Here are the first six of the 12 Scams, identified by McAfee’s researchers.
1. Charity Phishing Scams. Many popular charitable organizations encourage consumers to think of others during the holiday season through emails asking for year-end donations. According to McAfee’s recent holiday survey, almost 30 per cent of North American consumers plan to donate online this year.
Unfortunately, hackers also know consumers are in the giving spirit during the holidays and prey on their generosity through fake charity phishing emails.
The hackers send fictional emails that appear to be from well known charitable organizations, such as the Red Cross, the Salvation Army, and Oxfam that direct consumers to fake Web sites designed to steal their money.
The Web sites are generally very professional with a fairly high amount of graphical content and a good amount of verbiage designed to make the reader feel upset or guilty. Sometimes the layout and content of these fraudulent sites are copied directly from legitimate charity Web sites with simply a name and a logo changed.
To determine if an organization’s site is legitimate, go directly to their Web site to donate. Don’t ever click on a link sent in email.
2. Email Banking Scams. The current economic climate is not only forcing over 95 per cent of us to spend less money and buy fewer holiday gifts this season, but prompting hackers to take advantage of our bank account balance concerns to bah-humbug the holidays with another common phishing scam.
Financial institutions are the most common phishing scam targets. According to the Anti-Phishing Working Group, during the first quarter of 2008, more than 90 per cent of all phish scams were financial-services related.
With these scams, the bad guys send an official-looking email that asks consumers to confirm account information, including their user name and password. These emails often try to fool consumers into thinking that if they don’t comply with the instructions, their account will become invalid.
So remember, call your bank by telephone if you’re concerned about your account. Never give your account details out as a result of an email request or you could fall victim to a popular phish scam designed to empty your wallet. With the stress of the holidays, your guard might just be down enough that you fall for one of these scams.
3. Holiday e-cards. Most people never consider the dangers of e-cards — but unfortunately, there are plenty of dangers, especially during the holiday season. For example, a scam that was popular in 2007, was a New Year’s e-card that included a nasty surprise. When the consumer clicked on the link, they were brought to a malicious Web site that attempted to download Trojan software.
Scammers may send you an e-card that appears as if it’s coming from Hallmark asking you to download an attachment to pick up your e-card.
However, the attachment isn’t really an e-card — it’s a Trojan. This particular Trojan then waits for you to sign onto AOL. If and when you do, it displays a pop-up window that looks like an AOL form, but asks you to verify/update your AOL billing info by providing your credit card, checking account info, and Social Security number.
A few clues that an e-card is not legit are spelling mistakes, errors in the message, unknown senders or senders with bogus names and odd-looking URLS. If in any doubt about the legitimacy of an e-card, don’t open it. Never click on anything from an unknown source.
4. Fake Invoices. During the holidays, lots of friends and families order and send gifts online and scammers try to trick consumers into giving away personal financial details through fraud invoices.
Here’s how this scam works: The bad guys create a fake invoice or waybill and send it via email as an attachment. Once the consumer opens the email attachment there are a few variations – the recipient may be asked to confirm or cancel an order, they may be told that the parcel service was unable to deliver a package due to having an incorrect address, or the recipient may receive a customs notification about an international package.
In every instance, the email either asks the consumer for their credit card details so that their account can be credited or requires the recipient to open an invoice or customs form to receive the package.
This kind of scam has been played on many consumers who believed they were receiving emails from FedEx or UPS but instead were delivered a deadly Trojan program or other threat that can lead to identity theft or hacker control of a computer.
To protect yourself, never give your financial details over email to an unknown recipient or open a suspicious attachment. If you want to ensure you are reaching shipping sites like FedEx or UPS, open a browser and directly access the Web site. Also, ensure that your Internet security software is up to date to help spot Trojans and other forms of malware if you have opened a bad attachment.
5. You’ve Got A New Friend! As the joy of the holiday season brings people together and reignites old friendships, many of us are excited when alerted with a message that says, You’ve got a new friend! when using popular social networking sites.
Sadly, in some cases, after clicking on the notice, you NOT have a new friend, but instead have downloaded malicious software that you can’t even detect. Of course, it’s designed to steal personal and financial information. Stay away from friends you don’t know.
6. Dangerous Holiday-Related Search Terms. We love Santa too, but when clicking on the results of a free Santa download search, in addition to the Christmas-themed screensavers, puzzles, and pictures you find, you also could be clicking on adware, potentially unwanted downloads, and spyware.
McAfee SiteAdvisor software found that all of the following holiday-related search terms are risky:
Free Santa holiday screensaver
Free holiday screensaver
Free Christmas screensaver
Free holiday downloads
Christmas tree download
Free Christmas wallpaper
Santa wallpaper
Santa screensaver
Santa ringtones
Santa mail download
Santa download
Free Santa music downloads
When searching for fun holiday-themed downloads, make sure your holiday searches are guided by McAfee SiteAdvisor software the simple green, yellow and red rating system will help you avoid any unwanted gifts you may get along with your Christmas downloads.
This column was written by Erin Bell of ConnectIT, an IntegratedMarCompany
a>>
