It may be the “most wonderful time of the year,” with special offers and sales galore, but it’s also the most likely time to have your identity stolen, cyber experts warn.
Hackers and online fraudsters are impersonating brand-name retailers and scaring consumers with fake emails, purchases and links in an effort to hook unsuspecting shoppers with phishing scams.
“They know we’re frazzled, they know we’re easily distracted and they know — and hope — that we’re going to click on one of those links, which will end up having malware downloaded on our computer,” said Ryan Gerding, a spokesman for the anti-spyware and malware firm Enigma Software.
The National Retail Foundation estimated that about 78 million people were expected to shop online for holiday discounts on Cyber Monday, with one-day profits expected to total $6.6 billion.
Mr. Gerding said the chances of getting a computer infection increase with the uptick in web traffic. As online shopping grows year to year, more Americans are at risk of being hacked.
“Last year during the holiday shopping season, which we counted as Black Friday through Christmas, infections on our customers’ computers jumped 99.23 percent and that was a bigger spike than in 2015 and in 2014,” Mr. Gerding said.
Cybersecurity firm Carbon Black reported that phishing attacks — emails, messages or pop-ups with corrupted links — rose last year by 20.5 percent during November and December, and are expected to increase even more this holiday season.
RiskIQ, another cybersecurity intelligence firm, warned consumers of an increased risk of mobile infections during this time. Its most recent analysis identified at least one in 25 smartphone apps referencing “Black Friday” as unsafe and malicious.
Without naming retailers, RiskIQ said it identified and blacklisted 32,000 apps and 1,451 URLs that impersonate the top five most popular e-commerce sites.
“The findings confirmed that threat actors are using these well-known brands specifically to exploit the popularity of Black Friday shopping in both web and mobile,” RiskIQ wrote in its report.
Mr. Gerding said one of the more sophisticated tactics hackers use is to send an email disguised as coming from a leading online retailer, such as Amazon or PayPal, asking users to dispute a suspicious purchase by clicking on a link.
“Instead of canceling the transaction it’ll take you to a site that either will download malware or to a site that looks like an actual PayPal site and says enter your password information here, and then they’ve stolen it and your account has been hacked,” he said.
There are a number of ways people can protect against such viruses. One is to be vigilant about suspicious links.
“Think about that link. Anytime you get an email, or anytime you get a message via social media where there is a link inside of it and it’s something you weren’t expecting, stop and think a minute before you click on it,” Mr. Gerding said.
Other advice includes having an anti-spyware or -malware program that deletes infections as soon as they attack computers. Keeping computer and mobile phone operating systems up to date also helps protect against hackers. Make sure passwords are secure and updated regularly.
RiskIQ recommends always looking for the “S” in “HTTPS” or a lock symbol in the web browser when visiting shopping sites. These ensure security and encryption of personal data.
Also, never provide credit card information unless it’s a secure shopping portal, RiskIQ advises, adding that sites that ask for this information in return for coupons or to win free merchandise are scams.