Cybercriminals prey on online shoppers over the holidays. Here are the most common scams and how you can avoid them.
Ah, the holidays—that most wonderful time of year when the Web is aflutter with e-mailed season’s greetings, online shopping offers…and cybercriminals. The scams run the gamut, from fraudulent e-mails purporting to be alerts about online transactions to scam gift offers. “There is always an effort by the criminal underground to separate victims from their money this time of year,” says Paul Ferguson, an advanced threat researcher with Trend Micro, a security software provider.
Cybercriminals know it’s easier to get people to fall for scams related to online shopping when they have shopping on the brain. It also doesn’t hurt that the legitimate act of online shopping often involves visits to comparison-shopping sites and strange discount sites. So it’s little surprise that some of those destinations turn out to be fake. “People are particularly vulnerable this time of year because they are looking for bargains,” says Bill Loesch, chief technical officer and co-founder of GuardID, the maker of a device, similar to a USB memory stick, that stores account information and verifies the identity of financial sites.
The rising popularity of online shopping makes for a target-rich environment. Consumers have spent about $25 billion online since Nov. 1, according to a Dec. 20 comScore (SCOR) study. That’s a 19% increase from last year. Security firms expect a similar increase in the amount of online fraud, bringing the total amount lost online to $3.6 billion this year, according to a November survey by CyberSource (CYBS), an electronic payment and risk management firm.
So what can consumers do to protect themselves from unwittingly buying someone else’s holiday gifts this season? For starters, they can keep an eye out for the following common holiday scams:
You’ve probably heard the one about the Nigerian bank manager who needs your “confidential” help opening a U.S. account to transfer millions in oil-related profits. But those “dear friend” e-mails are fairly primitive compared with some of the devious phishing techniques criminals have come up with to trick consumers into handing over account information.
In fact, phishing attacks have become more successful in recent years. According to a survey by research firm Gartner, released Dec. 17, more than 3.6 million adults lost money as a result of phishing in the 12 months ending in August, 2007. That’s up from 2.3 million people in 2006.
One reason for the increase is the ingenuity of the scams themselves, which can look identical to legitimate notices from financial institutions such as Citibank (C) and PayPal, the leading online payment service from eBay (EBAY). Many of these e-mails open with warnings of imminent account cancellations or detection of fraudulent activity, which can make consumers more likely to click a link in hopes of rectifying the problem.
But the link typically directs to a fraudulent copycat site or downloads malware—software that scoops up account and other information—onto the computer, says Shane Keats, a research analyst with McAfee (MFE), a security software provider. “At some point this season you will get an e-mail saying that your auction account has been hacked and you must respond now,” says Keats. “Don’t panic.… It is not real. The auction sites and the banks don’t send that information by e-mail.”
For instance, phishing e-mails purporting to be from PayPal often begin with “Dear PayPal user” or “Dear PayPal member.” On its Web site, PayPal says it uses first and last names of customers when sending them e-mails; anything without the full name is a scam. PayPal also has an e-mail address, spoof@paypal.com, where users can report notices they suspect are fraudulent.
Read More: BusinessWeek.com


December 31st, 2007 at 12:36 pm