Shopping on Cyber Monday? Beware the 12 Scams of Xmas

Getting a bargain on Cyber Monday seems compelling. But with online shopping comes the risk of cyberscams.

According to Consumer Reports, cybercriminals have bilked $8 billion from consumers in the past two years. And as Americans open their wallets and their browsers for deals this week, scams and cheats are sure to increase.

To keep you safe as you shop, security company McAfee has broken down the 12 scams of Christmas, warning of the most common swindles crooks will use to try to sneak your wallet, your identity or access to your bank account. “These thieves follow seasonal trends and create holiday-related Web sites, scams and other convincing e-mails that can trick even the most cautious users,” warns Jeff Green, senior vice president of McAfee Labs.

Don’t let them get away with it! Never click links in e-mails, which can easily redirect you to false or misleading Websites. If you create a new account to buy, say, a new sweater from J Crew, use a unique password with letters and symbols, rather than using the same password for all of your log-ins.

And of course, be sure to use security software from a respected company. recently rounded up the 2010 versions of software suites from the big names in security: McAfee, Norton, Kaspersky, AVG, and more. Most packages run $50 to $80—a small price to pay for peace of mind as you shop.

Scam I: Charity Phishing

During the holiday season, hackers take advantage of citizens’ generosity by sending e-mails that appear to be from legitimate charitable organizations. In reality, they are fake Web sites designed to steal donations, credit card information and the identities of donors.

Scam II: Fake Invoices from Delivery Services

During the holidays, cybercriminals often send fake invoices and delivery notifications appearing to be from Federal Express, UPS or the U.S. Customs Service. They e-mail consumers asking for credit card details or require users to open an online invoice to receive a package. Once completed, the person’s information is stolen or malware is automatically installed on their computer.

Scam III: Social Networking Friend Requests

Cybercriminals take advantage of this time of the year by sending authentic-looking “friend request” e-mails from social networking sites. Clicking on links in these e-mails can automatically install malware on your computer or steal your personal information.

Scam IV: Holiday E-Cards

Cyber thieves cash in on consumers who send holiday e-cards in an effort to be environmentally conscious. Last holiday season saw phony Hallmark e-cards and McDonald’s and Coca-Cola holiday promotions. Holiday-themed PowerPoint attachments are also popular among cybercriminals.

Scam V: Holiday Jewelry

McAfee Labs recently uncovered a new holiday campaign that leads shoppers to malware-ridden sites claiming to offer discounted luxury gifts from Cartier, Gucci, and Tag Heuer. Cybercriminals even use fraudulent Better Business Bureau logos to trick shoppers into buying products they never receive.

Scam VI: Online Identity Theft

As bargain hunters surf for deals using free wireless networks at the local cafe, hackers can spy on their activity and steal their personal information.
Scam VII: Phony Websites
During the holidays, hackers create Websites for people searching for holiday-related wallpaper, Christmas carol lyrics or festive screensavers. Downloading holiday-themed files from these sites may infect one’s computer with spyware, adware or other malware.

Scam VIII: Job-Related E-mail Rip-offs

Scammers are preying on desperate job-seekers, with the promise of high-paying jobs and work-from-home moneymaking opportunities. Once interested persons submit their information and pay a set-up fee, hackers steal their money instead of following through on the promised employment opportunity.

Scam IX: Auction Site Fraud

Scammers often lurk on auction sites during the holiday season. Buyers should beware of auction deals that appear too good to be true, because often these purchases never reach their new owner.

Scam X: Password Robbery

Password theft is rampant during the holidays. Thieves use low-cost tools to uncover a person’s password and send out malware to record keystrokes, called keyloggers. Once criminals have access to one or more passwords, they gain vast access to consumers’ bank and credit card details and clean out accounts within minutes. They also commonly send out spam from a user’s account to their contacts.

Scam XI: E-Mail Banking

Cybercriminals more actively trick consumers into divulging their bank details during the holidays, by sending official-looking e-mails from financial institutions. They ask users to confirm their account information, including a user name and password, with a warning that their account will become invalid if they do not comply. They often sell this information through underground online black markets.

Scam XII: Ransomware Boondoggles

Hackers gain control of people’s computers through these holiday scams. They then act as virtual kidnappers to hijack computer files and encrypt them, making them unreadable and inaccessible. The scammer holds the user’s files ransom by demanding payment in exchange for getting them back.