Holiday shopping is at its peak, and as always, cybercriminals are ready to take advantage of eager buyers all over the globe. This year, reports say that online shopping in the United States is set to exceed sales from traditional brick-and-mortar shops, providing more opportunities for cybercriminals to set up money-draining scams.
This is not a new trend for online scammers and cybercriminals. For years, we have seen how scams targeted at consumers have peaked during the holidays. Since 2008, we’ve been keeping track of the many sites and spam campaigns that have tricked consumers into giving up credit card information or other valuable data. The rise in the volume of these sites during the holiday shopping season is completely predictable, and consumers can protect themselves simply by knowing how these scams work.
Tricking You into Clicking
Users have become better at identifying spam, but cybercriminals have also improved their social engineering methods. Many of the lures they use look very authentic, carefully tailored to mimic a typical email or message that users click every day without thinking.
Currently, we're seeing these types of headlines or topics used to lure users:
Below is an example illustrating how cybercriminals use these headlines. The typical spam email looks like a normal notice sent by a postal service, but it includes a nondescript link leading to a malicious site that delivers malware:
Figure 1. Spam from a November campaign pushing a banking Trojan
During the holiday season when everybody is ordering multiple gifts from different sites, a buyer might just click a link like this without a second thought. In this particular case, clicking the link would prompt a user to download an invoice, which is a Word document. The invoice would then ask users to enable certain features that would allow the download of malware.
Other scams are stealthier. We’ve seen cybercriminals create fake check-out pages linked to legitimate shopping sites. These pages are set up to capture credit card information. This year, travelers are big targets—many scammers are putting up counterfeit sites or advertisements for fake hotels or cheap flights. Travelers think they’re getting lucky with a cheap deal, but in reality, they’re being conned out of their money.
There has also been a rise in social media scams. All over the world, we’re seeing an increase in the quantity and diversity of the scams used on social media platforms. Many small business owners rely on social media to connect with customers, and even conduct their payments and organize deliveries through their social media accounts. Cybercriminals take advantage of this informal trading platform and trick consumers by impersonating brands or distributing fake notices for deals and sales. Typically, these scammers either phish for credit card information or try to get users to download malware onto their devices.
Avoiding Phishing and Other Scams
Being aware of these methods helps you identify them and avoid clicking on malicious links. Here are other tips:
Holiday shopping is tricky—you order online to avoid the lines or the overcrowded malls but then encounter a whole new set of risks. The best way to ensure safe shopping is to be aware of the threats that are out there and take the necessary precautions. Trend Micro™ Smart Protection Suites can detect malicious files and spammed messages as well as block all related malicious URLs. Trend Micro Deep Discovery™ has an email inspection layer that can protect users by detecting malicious attachments and URLs, while Trend Micro Internet Security has security features that can detect malware at the endpoint level.