Prepare for Cyber Monday Shopping Risks

Some of the greatest bargains of the holiday shopping season are offered online on Cyber Monday. Of course, cyber criminals and malware developers are also gearing up for the biggest online shopping day of the year, so you better have your defenses up before you jump online and start making purchases.

The clock is winding down to the 2010 holiday shopping season. Black Friday--the day after Thanksgiving that marks the official kick-off of holiday shopping is one week away. Granted, it has lost some of its appeal as retailers have spread bargains out over the entire month of November to try and be the first to capture your coveted shopping dollars.

The Monday following Thanksgiving weekend is Cyber Monday--a day of much holiday shopping and little productivity as people return to work and spend all day surfing the Web for online deals.

Holiday shopping online is simple and convenient, but also comes with security risks to watch out for.
A representative of TRUSTe--an Internet privacy services provider--explained in an e-mail, "Consumers seldom think twice about shopping online. It's fast and easy. Yet it's also a goldmine for online retailers harvesting enormous amounts of personal and private information," adding, "This year the risks are greater than ever, since the volume of online sales continues to grow. In fact, 25 percent of holiday purchases are expected to be online. And the risk is changing too: more and more consumers will be shopping on the mobile web, where many of the protections they take for granted online just don't apply."

In response to the phishing scam targeting PayPal, a PayPal spokesperson contacted me to share some guidance to keep PayPal customers protected. PayPal recommends that users choose a strong password that isn't easily guessed or cracked. It also suggests using an updated Web browser like Internet Explorer 8 which has stronger security controls, and to have some sort of antimalware protection on the PC. Lastly, PayPal reiterates the well-known, but frequently ignored, advice not to click on links in e-mail messages, and implores users to simply exercise some common sense.

I spoke with Trend Micro's David Perry. He pointed out that when a shopper drives into a shady neighborhood there is a gestalt that drives increased caution and awareness--whether conscious or unconscious. With online destinations, a Web site is a Web site is a Web site for the most part, and it's difficult to tell if you're shopping on "the wrong side of the tracks".

Trend Micro describes some of the common threats shoppers can expect to encounter on Cyber Monday. For example, deals that are too good to be true (like an iPad for $100) are probably not true. Cyber criminals will also take advantage of the holiday season to exploit fraudulent charities, and fake e-cards to infect PCs and rake in money.

Perry recommends that users run a full AV scan before Cyber Monday to make sure the PC is clean and is not already compromised with malware that might capture credit card info as it's entered. There is no excuse not to have some sort of AV installed. There are plenty of options available for free, and many of the commercial consumer AV products offer one month evaluation copies which could at least protect you through the holidays. If you want a second opinion, you can also conduct an online scan using Trend Micro's free Housecall online AV scanning tool.

Perry suggests sticking with established, reputable online entities like Amazon and PayPal. Visiting unheard of sites in search of super bargains can be an invitation for trouble. Finally, Perry notes that some banks offer additional security controls such as an additional PIN, or some other form of two-factor authentication to prevent credit card or bank card fraud. Check with your bank before you begin holiday shopping to see if it offers any extra protection you can use

One last piece of Cyber Monday advice: think twice...no, think three times before entering credit card info while connected to a public Wi-Fi hotspot, or using a PC in any public area such as a hotel lobby or your neighborhood Starbucks.

Subscribe to the Security Watch Newsletter

Comments