Cyber Monday: 3 online shopping scams and why people fall for them

Ready to take advantage of those great sales you're hearing about online? Check out these common schemes before you click

By , Senior Editor

November 29, 2010CSO

Checking email, logging onto Facebook and IMing with friends are all common activities people engage in during break time at the office. But today, social networking may take a backseat to online shopping for holiday gifts. Known as Cyber Monday, the first Monday after Thanksgiving is the day online retailers expect to see an uptick in activity as the population heads back to work, giving them access to work computers and, as a result, an opportunity to start holiday shopping.

Also see: Checklist: 11 security tips for Cyber Monday

According to the National Retail Federation, nearly 107 million people will shop online this Cyber Monday, up from 96.5 million last year. However, research released this month by ISACA, a non-profit global IT governance association, finds while the overall number of online shoppers may be up, people plan to spend less time shopping online from a work-supplied computer this holiday season than they did a year ago. The survey, "Shopping on the Job: ISACA's Online Holiday Shopping and Workplace Internet Safety Survey" finds people will spend about 6 hours shopping from a work computer or mobile device vs. 14 hours in 2009 (Related: Holiday shopping will strain security)

But online shopping is becoming an increasingly risky activity, said John Pironti, security advisor with ISACA and president of IP Architects. While people may spend less time shopping this year, the chances they take are riskier than ever.

"The bigger risk really comes to down to the fact that the adversaries have gotten smarter and better in attack methods and users aren't heeding warnings as much as they used to," said Pironti. (Also see: Social Engineering: The Basics)

Pironti laid out three schemes he predicts users will fall for while shopping this year — opening up their employer's network, and data, to possible breach.

Scam links on Facebook, Twitter and other social media sites
ISACA's research finds 42 percent of users report accessing social network sites like Facebook from their work-supplied computer or mobile device. If that 42 percent is interested in holiday sales and shopping, they might just be vulnerable to fake links claiming to have information about great discounts.

"We've seen a tremendous uptick in the use of social networking as a portal to transmit bad links," said Pironti. "The hacker community is really taking advantage of the fact that they are able to exploit trust in social networking to have users clicking on their false links."

This year, expect to see fake sites set up by criminals who then send out links about sales and deals which lead to malicious sites, said Pironti. He also says be wary of links from friends claiming to tip you off to a great coupon or sale. Ditto for any link that promises you can win a free iPad, the hot item this year that criminals are using as bait.

RESOURCE CENTER