Cyber Monday: Beware the malware
Here are some tips to keep shoppers safe from scammers and from the malware hiding on retail sites and fake sites created for distributing viruses and Trojans.
It's the Monday after Thanksgiving and you're sitting at your work computer suffering from food coma. Too bloated to get any real work done, you decide to do something that doesn't occupy too much of the brain--online Christmas shopping.
There's more at stake here than the cost of shipping and handling, though. First off, your boss probably doesn't want you to be surfing Amazon when you have spreadsheets to complete. Secondly, you could be opening up the corporate network to malicious hackers during what is known to be a particularly risky period.
Scammers are ready for the unsuspecting online shoppers who will be hunting for holiday bargains on what has become known as Cyber Monday (more than 40 percent of you will be buying holiday gifts online, according to this survey). There will no doubt be malware hiding on retail sites, fake sites created just for distributing viruses and Trojans, and e-mails with malware-laden attachments and links leading to nastiness.
Once inside the corporate network, the malware can easily spread to other computers in the company and leave back doors that can be used later for nefarious purposes, putting corporate data at risk.
Unless a company forbids Web surfing on company time and uses software to monitor and enforce the policy, there is little recourse once workers start browsing. IT departments should do what they can to protect the networks before then, by using the most up-to-date spam filters and anti-malware software and adjusting the enterprise Internet settings to alert users when a program attempts to download something.
Communication is key, too. Corporate IT personnel should consider sending an alert to remind employees of the dangers and to report suspected malware downloads, advises Adam Chernichaw, a privacy expert and partner at the law firm White & Case. Also, they should tell employees to not click "Agree" or "OK" to close a window, but to click the red "X" in the upper corner or press "ALT + F4" instead.
Employees should practice safe browsing. CNET contributor Lance Whitney offers some general tips for Web surfers from Webroot, including typing URLs in directly instead of following links and keeping a close eye on PayPal and other payment accounts.
Be careful of electronic greeting cards, because they are an easy way to trick people into downloading malware. Verify that the merchant or site a greeting card is sent from is legitimate, warns the United States Computer Emergency Readiness Team, an arm of the Department of Homeland Security. If you get an e-card from someone you don't know, be suspicious. You can always ask a friend in an e-mail to confirm that he or she sent you something.
If you are buying gift cards online, only shop at reputable retailers and not through online auction sites, says the National Retail Federation. Gift cards sold through online auction sites may be counterfeit or stolen, and once you buy one, it's yours. The group has more online shopping tips on its Web site.
And for people wanting to donate to charity, the U.S. Federal Trade Commission has a charity checklist with tips such as asking groups seeking donations for more information about who is behind the operation, being wary of charities that spring up overnight in response to disasters, and not sending cash or donations.
Web searches can be dangerous any time of year as scammers use search engine optimization tactics to lure people to their sites. But holiday shopping online presents an attractive pool of potential victims. Be extra cautious when doing searches related to "holiday sale" and "Christmas specials" during this time of year. F-Secure has compiled a Holiday 2010 Cyber-Watch List of popular search terms that are expected to be used by scammers to poison search results, which features "Kinect for Xbox" and "Call of Duty: Black Ops" at the top.
And make sure you don't do too much shopping at work or you'll instead be online checking out the job wanted ads.