Top 10 Cyber Monday Threats
Ignoring Red Flags
As the holiday season ramps up, time-strapped users will inevitably be less discriminating about where they go to shop for the hottest holiday gifts. In fact, attackers are banking on the fact that holiday shoppers will be so rushed they will ignore obvious red flags -- like the absence of a padlock icon on a Web page -- in an effort to get affordable prices or a scarce holiday item.
Failing To Check Bank/Credit Card Statements
Of the many things that holiday shoppers have to do, scrutinizing financial statements might not be high on the list. With the multitude of added tasks piled on top of users during the holiday rush, many shoppers will gloss over credit card statements or ignore them altogether.
Social Networking Threats
Now more than ever, attackers know that they can entice users via malicious links with offers of holiday sales and hot holiday gifts through social networking sites. In addition to e-mail and IM, attackers are spamming holiday offers with embedded links via social networking sites, such as Facebook, knowing that users are more likely to click on a link that they believe comes from a trusted source. And during the holidays social networking users will likely receive a barrage of messages from 'friends" inviting them to view pictures, receive special holiday offers or play games. In reality, cyber attackers often hijack users' passwords and social networking accounts so they can launch malicious attacks. And those users who click on an embedded link, stream a video or download a game will likely also download malware onto their systems designed to steal information or incorporate their computers in a malicious spam-spewing botnet.
Inadequate Antivirus
Many attacks could be prevented if users kept up-to-date antivirus/antispyware/antimalware. However, all too often this simple preventative technique takes a backseat to other holiday tasks. Subsequently, attackers that distribute malware will have the most success from users with inadequate security software or none at all.
(Not So) Cute And Fuzzy E-Cards
One of the hallmarks of the holidays for users, so to speak, is that they tend to do things that they normally wouldn't otherwise do -- like blindly clicking on attachments. It may be tempting to click on that cute holiday e-card, even if you're not entirely sure about the sender. They're sweet. They're touching. However, many holiday greeting cards are scams that contain malware that installs information-stealing code or keyloggers onto your computer.
One Password, One Big Problem
In an effort to save time and reduce stress, shoppers often use the same password for multiple accounts--especially during the busy holiday season--when harried users are required to come up with creative passwords and usernames for sites such as Amazon or eBay. While it might be simpler to have a one-size-fits-all password for multiple accounts, it is also tantamount to an invitation for malicious attackers.
Searching In The Dark
What's the first thing users do when looking for the newest hottest toy or Nintendo game? Of course they turn to Google to refer them to the top Web sites. That might not be such a good idea, experts say. Attackers are staying one step ahead of the shoppers this season by utilizing search optimization tools to put their sites at the top of Google's rankings. Meanwhile, Google doesn't screen pages for malware, which means that even malicious sites can make it to the top of Google's search pages if they meet the right criteria. Consequently, search engine scams -- dangerous links impersonating legitimate search results -- will be more prevalent this season as more shoppers turn to the Internet for the bulk of their holiday shopping.
Drive-By Savings
The holidays are famous for making users do things they wouldn't normally do -- that includes visiting sites they wouldn't normally visit -- in an effort to find the best holiday deals. Some of the Web sites ask users to disable pop-up blockers. The result? A pop-up that offers users additional savings with one little caveat -- provide an e-mail address. While users could potentially find discounts and deals, they will almost inevitably be opening a floodgates for spam.
Package Delivery Notices
Among the many holiday scams out there, package delivery fraud and declined credit card payment top the list. This type of phishing attack takes the form of a friendly notice from a package delivery service, and includes a few lines that indicate to the user that the package was unable to be delivered, saying, "We tried to deliver your package, but were unable to reach you. Please click here to reschedule your delivery." Or "Open the attached document to see the problem." Users, especially those worried about packages arriving before the holidays, will be more inclined to click on embedded links, which almost inevitably will download malware onto their system.
Holiday Themed Videos
Attackers are notorious for using the holidays as a hook to entice users to download malware disguised as benign Christmas-themed videos. Many users will automatically accept the invitation and click on embedded links, especially if they appear to be from a friend. However, there's a good chance that the link to the "Santa Gets Stuck In A Chimney" video is really an attacker impersonating a contact with a hijacked Facebook account.