Scammers jingle all the way

At this time of year, cyberscams take on a holiday flavor and credit card fraud gets a snowball effect. Images: Holiday phishing

With the holidays just days away, shoppers rush around late into the night, radio stations blare seasonal tunes--and cybercriminals busily try to scam unsuspecting targets.

"Fraudsters use current affairs to create legitimacy," said Melih Abdulhayoglu, chief executive of Comodo Group, a provider of Web site security certificates in Jersey City, N.J. Credit card fraud is easier now than any other time of year because of the high volume of transactions, experts warn. "The holidays are a great reason to send people e-mail to try to scam them into giving up their information," Abdulhayoglu said.

Holiday scams

Internet users, in fact, can expect to see almost twice as many phishing attacks this December compared with last year, said Andrew Klein, manager of the threat center at MailFrontier, an e-mail security company in Palo Alto, Calif. Phishing scams combine spammed e-mail messages and fraudulent Web sites to trick people into giving up sensitive information.

"Holidays are an excellent hook for scams," Klein said. Last year there were 8,829 different phishing campaigns in December, and the number has increased since, hitting a high of 15,820 in October, he said. "The real problem with phishing e-mail is that they really look like e-mail that you would expect to receive."

In one example, scammers crafted an e-mail that looks like it came from eBay. The mail announces that "Christmas is coming!" and encourages recipients to click on a link to "" for advice on "seasonal selling." Though they appear legitimate, the e-mail message and the Web site were fraudulent, Klein said.

eBay and its online payment division PayPal have traditionally been popular among fraudsters looking for login names, credit card numbers and other sensitive information. eBay is aggressive in fighting such scams and offers a browser toolbar to help protect users against fake copies of its Web sites.

While eBay is a known phishing target, scams that involve charities are relatively new. With many in the spirit of giving, December could be a lucrative month for miscreants looking to profit on the generosity of Internet users.

"A lot of the security controls are relaxed in order to handle volume."
--John Pironti, principal security consultant, Unisys

"Since Katrina we have seen the Red Cross show up much more frequently in the list of top-phished Web sites," said Craig Sprosts, a product manager at e-mail security vendor IronPort Systems in San Bruno, Calif. In the aftermath of Hurricane Katrina, Web sites popped up that sought to defraud Internet users who thought they were doing good.

IronPort's filters have also stopped at least one e-mail that promised the recipient a prize in a "holiday lottery" and offered a link to a malicious Web site to collect the reward, Sprosts said.

Aside from phishing scams, Internet security companies have seen the so-called Nigerian scams take on a seasonal twist. Typically, swindlers send out junk e-mails around the world promising recipients a share in a fortune in return for an advance fee. Those who pay never receive the promised windfall.

"They will have words like Christmas and Jesus in them, which makes them a little harder to filter out," MailFrontier's Klein said.

While some attacks will adapt to the season, the deluge of traditional attacks continues. Internet users need to stay on guard and not let the holiday rush weaken their defenses, security experts warned.

Featured Video