10 tips to avoid being “Scrooged” online this holiday season.

From our friends at SurfRight, makes of Hitman Pro Anti Malware.

In a year when online shopping sales have shown continued growth in excess of $226 Billion in 2012, online holiday shopping is also projected to increase, with a projected $2 Billion in sales for Cyber Mondayalone, according to Adobe Systems. Online retail sales for the Holiday season are expected to exceed $96 Billion according to Shop.org, fueled in no small part by an increase in mobile shopping and increased social media marketing. 

The end-of year shopping frenzy has once again attracted the attention of cybercriminals. Not content with the $110 Billion they have cost consumers worldwide this year, online criminals are looking at the holiday shopping season to fill their own stockings with looted cash. 

In an effort to get ourselves on Santa’s “nice” list, we have compiled a list of tips to help keep holiday shopping fun and safe.

1. Make sure you have an antivirus installed and updated. Set it up to scan frequently during the holiday shopping season.
Like spam, spreading identity-stealing malware is a numbers game that is practiced on a massive level. It only takes a small percentage of victims to net large sums of money to cybercriminals through stolen personal and financial data.  The easiest people to target are those who do not have any security measures in place.  
If the holiday season has tightened your budget, there are a number of decent free antivirus products available on the market today from vendors such as Avast!, AVG, Avira, Microsoft and others. They usually lack the advanced security features and support of paid products, but are a good line of defense if nothing else is available.  

2. Check if your antivirus is working properly
Even if you do have a working antivirus program, you should double-check your computer for an infection. According to European security vendor Surfright, when checking over 1 million computers that had an antivirus installed, 24% were still infected with a virus. You can use products like HitmanPro to get a second opinion about potential malware already on your system, as well as cleaning it up if exists.

3. Be cautious of emails warning you of unshipped or delayed items.
A favorite tactic of cybercriminals is to create emails that create a sense of urgency to the intended victim in order to get them to click a link containing malware.  Knowing that people want to make sure their gifts arrive in time, cybercriminals send fake emails purportedly from the U.S. Postal Service, UPS or FedEx claiming that a delivery was delayed.  All you need to do is click a link to check your status, and a “drive-by download” can occur, making your computer open to identity theft if you try to use it for purchases or online banking. Any legitimate communication from shippers will usually also contain a tracking or other reference number.  Copy and paste this number to the delivery company’s actual site whenever possible.  This simple extra step can save you a lot of headaches down the road. If you see attachments within these types of emails, avoid opening them, as shippers rarely send attachments with their emails.

4. Give extra scrutiny to “card declined” or unrecognized “invoice” emails.
A close cousin to the shipping email is the credit card email.  Again, cybercriminals want you to think a purchase has not gone through, or that unauthorized purchases are being made from your credit card, all to get you to click a link that can install malware or get you to enter your personal information.  Sometimes legitimate sites are temporarily hijacked for this purpose, and the link to the malware leads to these sites.  Again, do not click these links, call your bank and find out if there is any recent unauthorized activity happening with your account.

5. Double-check unfamiliar online shopping sites
These sites are a less common tactic, but several do exist. They might come up on search results when you look for specific model items like flat screen televisions or video game consoles. You can check the domain with free online tools that contain user feedback such as Norton Safeweb or Web Of Trust that can give you a very good idea of how trustworthy a site actually is.

6. Watch out for Christmas-themed deals that are “Too good to be true” on consumer electronics.
Many large e-tailers and retailers run incredible sales  in order to make the season jolly, but beware, some lumps of coal may appear online or in your inbox. Typically they are the hot items of this year and last year at 70%-90% discounts.  Although you might see some “door buster deals” on Black Friday and Cyber Monday, don’t expect to pay $100 for that new iPhone 5 or iPad Mini. These types of scams are also seen as links on Social Networking sites such as Facebook, so you might want to install a free security Facebook app such as SafeGo, to keep dangerous links off your Facebook feeds.

7. Make sure your operating system, browser, and critical software such as Java, Adobe Acrobat and Adobe Flash are up to date.
Making sure your operating system is up to date is essential to safe shopping online.  Outdated software can be exploited by cybercriminals in order to install malicious software without your consent.  Here are some links to check if you are up to date:
Microsoft Windows XP
Microsoft Windows 7
Microsoft Windows Vista
Java
Adobe Flash
Adobe Reader (Download the latest version)

8. Be aware of so-called “Ransomware”
One of the fastest-growing cyber-scams at the end of 2012 are “ransomware” attacks.  A virus attaches itself to your computer and typically places a supposed warning from a government agency such as the FBI, claiming that you have violated copyright laws and are subject to fines.  Your computer then has limited functionality until you pay the supposed fine through a convenient method such as a money transfer card, available at your local convenience store. In reality, these funds usually go to some overseas scammer, but the computer is impossible to use until the fine is paid. Antivirus programs and second opinion scanners should be able to remove these threats, but when in doubt, contact your local computer repair shop and have them take a look at it.  Taking this step could save you a significant amount of money if this happens to you.

9. Use reputable online shopping sites that are verified by third parties.
During the holiday season, hackers go into overdrive, trying to infect legitimate websites with malware that is later on spread to unsuspecting victims.  Before entering sensitive data or downloading anything from online retailers, make sure you are accessing it through a secure encrypted page (you will see https:// in your address bar and other icons indicating that the connection is encrypted in your browser).  Also check on the payment page for third party verification seals.  The more popular ones are TRUSTe, Norton Secure (Formerly Verisign), McAfee Secure and Comodo, which ensure your transaction is private, and that the site is scanned daily for vulnerabilities or tampering.

10. Identity theft can also happen over the phone.
We are all familiar with phishing scams, which attempt to get the victim to give up personal information that a criminal can use to perpetrate fraud. There is also a telephone version of this scam that is also growing and frequently targets landline owners. It works in a similar fashion to its online cousins.  The caller claims to be from the bank, a store, or delivery service, and presents an issue that needs to be handled. In order to take care of this, they just need you to verify your social security number, account number, online banking password or other piece of sensitive data.  One thing to remember is that no online business will ask for a password over the phone. Some businesses may ask for your account or social security, but before volunteering this information, you should get an issue or tracking number and opt to call them back, preferably on the number that is printed on your bill.

Conclusion
Online shopping continues to grow and each year it becomes more and more popular. The Holiday season is a time of heightened activity when a lot is going on and we tend to have our guard down. Criminals know this fact, and use it to their advantage with clever tricks and increased activity directed towards consumers. It is therefore extremely important to protect yourself with software updates, antivirus protection, and being aware of potential scams in order to reduce the risk of online fraud happening to you. Increasing your online protection with a variety of different tools as well as a second opinion malware scan is a good idea, and cost-effective. With awareness and a little bit more vigilance, we can keep the season merry for ourselves and our loved ones.