5 risks to avoid for the holidays

'Tis the season for social engineering scammers who like to prey on shoppers. CSO spoke to Troy Gill of AppRiver, who outlines five risks that are particularly common during the holidays.

Shopping for victims

From now until the New Year, retailers will offer daily deals, bonus savings, and other incentives in order to part you with your money. Unfortunately, crooks will be doing the same thing this time of year. Read on for five cons to be aware of this month.

(Also see: 12 Scroogeworthy scams for the holidays)

Keyboard of computer
Reuters/Kacper Pempel

Spoofed emails

"Spammers and malware distributors often craft messages to appear as legitimate correspondence from the likes of UPS, FedEx, PayPal and many other online shippers and/or retailers. Dur the holiday season, malware-laden emails can be slightly more convincing since many people expect shipping and/or payment confirmations after making online purchases," Gill said. 

Such malicious messages will contain malware designed to either download additional harmful applicaions, or worse copy your keystrokes and steal financial data as you shop this season, or any other time of the year should the infection remain undetected.

Fake messages frequently include instructions to open an attachment or click on a link. Ignore the message completely, don't open anything or follow any links. Head to the company's website directly, or call them if needed.

Spyglass on keyboard

SEO poisoning

"Cybercriminals use search poisoning tactics when they want to direct users to a hacked web page and infect computers with malware. How? Scammers begin by infecting a website by implanting malicious exploits and then utilize keyword injection to ‘game’ search results. So, when users search for the scammer’s keywords they might come across an infected page, and if vulnerable, malware will begin to infect the device instantly with little or no detection," Gill explained. 

"In the past, cybercriminals used popular product names as key terms. And what better audience for SEO poisoning than eager online shoppers searching for the best product deals?"

To avoid this type of risk, stick to the major outlets and retailers, and only visit their official website.

Fake e-card

Fake e-cards

"To the analytical eye, these cards are fairly easy to spot. But to the casual viewer fake e-cards are convincing enough to wreak havoc. E-cards often infect users with Spyware or Ransomware, thereby stealing identities, banking credentials or nearly every file on your computer (as recently illustrated by CryptoLocker)," Gill said.

When in doubt, don’t open it. Some of the tell-tale signs that an e-card is malicious include: unrecognized senders, it contains instruction to take some sort of additional action like opening an attachment and/or it requires you follow a link or download a file.

Public Wi-fi
Reuters/Brendan McDermid

Shopping from unsecured networks

"If you're connecting to an unsecured public Wi-Fi hotspot, anyone can access your data using packet capture capabilities or a man-in-the-middle attack. Bad guys can collect data like credit card numbers, account logins/passwords, email communications and anything else that they can exploit for profit."

The best thing you can do to avoid this is to browse the web and create a gift list, but wait until you're back home on a secure connection to actually make the purchases. If you do use a public WI-FI, then pay close attention to your address bar to ensure you see the https:// prefix and do not enter personal information unless that connection is being made. Or better yet, use a VPN connection. 

Gift cards
Julie Ewald/Flickr

Gift card scams and counterfeit products

Each shopping season, Gill said, there is a a large increase in the number of websites pushing fraudulent items, and many more emails directing you to malicious sites. Some of the common scams include bulk gift card purchases, from unknown or seemingly random websites or steep discounts on high-dollar items. 

"Common sense is usually the best deterrent for avoiding counterfeit products since a fifty dollar Rolex is pretty obviously too good to be true. These bogus products can be avoided all together by shopping with reputable retailers and doing some research on the ones you are not familiar with. Also avoid shopping via banner ads and offers in email (unless it’s from a known trusted source)," Gill added.