Cyber criminals eye year-end online shoppers

A phishing scam targetting those buying via eBay was discovered recently.

Online shopping for New Year gifts may sound cool. But, beware of the risks. Cyber security experts are advising shoppers to be extra vigilant.

Security solutions firm Trend Micro discovered a phishing scam that targets those purchasing an iPhone 4S through eBay. This involved domains that displayed replicated eBay posts for iPhone 4S units.

Amit Nath Country Manager India and SAARC Trend Micro are of the view that common attack types include Blackhat SEO attacks, where search results for popular items such as gadgets and others mislead users to malicious sites. Session hijacking involves sniffing through networks for information such as account credentials, and using it for impersonation..

TIPS FOR ONLINE SHOPPING

• Beware of malicious gift vouchers: Social networking scams inform users to post a shortened URL to receive free vouchers. Avoid downloading file attachments and clicking links embedded in spam and suspicious email.
• Invest in mobile security application: Investing and installing a good mobile security application will lower the risk factor.
• Don’t engage in dubious transactions: Clicking on link leads users to malicious sites and dubious transactions. Immediately delete dubious email, especially those that come from unknown senders.
• Phishing: To avoid becoming a phishing victim, make it a habit to mouse over embedded links or images in dubious email in order to check the legitimacy of the URL that appears on the lower left-hand corner of the browser window.
• Bookmark frequently visited sites: When visiting a site for the first time, directly type in its URL in your browser’s address bar in order to avoid stumbling upon bad sites.

Source: Trend Micro

While India is still new to online shopping, some of the instances in more mature markets like US and UK show how lucrative it is for cyber criminals to dupe online shoppers. The National Retail Federation (NRF) conducted a study revealing that 46.7 per cent of UK consumers are planning to purchase their gifts online, a trend confirmed by Deloitte's annual holiday survey (48 per cent). IMRG, the UK Retail Trade Association calculated that UK residents will spent a staggering 7.75 billion pounds on online Christmas and New Year shopping.

"Online holiday shopping is as engrained in the criminal culture as it is in the popular culture. Criminals are very adept at creating scams that look legitimate to the eyes of the shopper, but are instead meant to deliver malware and information-stealing code, rather than the items on your holiday list. As if this isn't bad enough, the problem multiplies if the person shopping is an employee at work on their lunch break, potentially opening their business network up to expensive and embarrassing data theft, " says Patrik Runald, Websense Security Labs.

This Christmas saw some prominent websites being hacked by cyber criminals. Team of hackers called 'Anonymous' broke into the databse of Stratfor, a security think tank, and stole thousands of credit card details. 360buy, an online shopping mall, saw its websites being hacked.

Vinoo Thomas, product manager, McAfee Labs says shoppers should be on the lookout for offers that are too good to be true. "Search results for good deals online can often divert users to rogue websites. Further, mails announcing an offer to buy a product at less than half the price are common during this season. Now that most people make transactions online, one should also sign up for getting regular SMS alerts on credit/debit card transactions," he says.

Experts say by checking the authenticity of the site (ensuring secure connections), not clicking on suspicious links and by keeping financial information confidential can help shoppers avoid being victimised while making purchases online.