Fraud

Bad Bargains

By Robert Lemos

Parents desperate to find this year's most popular items, such as Cepia's high-tech Zhu-Zhu Pets or Mattel's Mindflex Game, should be careful that they don't let their guard down online.

With the holidays nearly here, last-minute shoppers may throw caution to the wind when searching for hard-to-find gifts. Many online scammers depend on just that.

"As the holidays get closer, and people have not found the right present, they will get more desperate," says Catalin Cosoi, a senior anti-spam researcher at security firm BitDefender. "They might go to a Web site that they would not have gone to in the past."

During the holiday season, the World Wide Web becomes a target-rich environment with many e-commerce sites seeing half again as much traffic as other times of the year. And this year, more consumers are headed online than ever before. For example, on the Monday following Thanksgiving, a day known in the retail world as Cyber Monday, online sales were up nearly 14 percent compared to the previous year, according to Web information firm Coremetrics. People were spending more as well: The amount spent per sale rose 38 percent, the firm says.

Such large transactions are a lure to the Internet underworld, and there are grinches out there that aim to take advantage of the less-than-savvy consumer, warn security firms. So far this year, fraud involving general merchandise accounted for more than 22 percent of all scams, second only to the offline crime of check fraud, according to a report from the National Consumers League.

Holiday cheer, lacking caution

That's a trend that will continue into the holiday season, when a greater number of less Web-savvy consumers are going online, security firms say.

"The cybercrime is constant threat, but we are seeing the cybercriminals move toward holiday themes," says Marian Merritt, Internet safety advocate at Symantec.

Already, online fraudsters are ramping up their holiday scams. Spammers, who focused on selling fake Viagra and pharmaceuticals, send junk email advertising deals on software, toys and other general merchandise. Fraudulent Web sites and auctions -- which purportedly sell hard-to-find items but, in the end, do not deliver -- attempt to separate the less-than-careful consumer from their money.

"Identity theft and fraud are not just a fourth quarter (of the year) problem, but during the holidays, we are all out there shopping, we are all doing our thing and that makes us potential targets," says Steve Schwartz, executive vice president of consumer solutions for identity-theft prevention firm Intersections.

A recent survey conducted by technology giant Unisys found that 42 percent of Americans are seriously concerned with the security of online retail and nearly two-thirds of Americans are seriously concerned about bank card fraud. Yet, the concerns have not halted consumers from shopping online: In a survey of 650 antivirus users, security firm Sunbelt Software found that more than 90 percent planned to shop online this season, even though the majority of users -- 56 percent -- had concerns about the security of their credit-card numbers.

And, the fraudsters are getting better at what they do, says Stu Sjouwerman, co-founder of Sunbelt Software.

"They are getting more sophisticated by the year," Sjouwerman says. "What a year or so ago was a fairly transparent attempt to get you to buy Viagra in Canada is now an email that is identical to your bank's that says your account has been compromised."

Spam and shopping scams are not the only threats during the holidays. Consumers should also be careful of holiday messages purportedly from their acquaintances and friends. In late November, security firm Symantec warned that the online gang responsible for a Trojan horse known as Koobface had started sending electronic holiday videos that would infect a recipient's computer when the person opened the attachment or clicked on the link.

Computers compromised by Koobface request that a user solve a CAPTCHA, a scrambled image of a word that is used to prevent malicious users from registering free email accounts and domains. Each time a user types in the correct word, Koobface attempts to register a domain from where it can continue to infect people's computers.

Defending against the Grinch

For consumers, the key to holiday safety is to always be careful online and skeptical of special offers, says Intersections' Schwartz.

"Unfortunately, people tend to be a little less careful than they normally are, so the likelihood of fraud is increased," he says.

Intersections recommends that shoppers "trust but verify" any site on which they plan to do shopping. Searching Google, Yahoo or Microsoft's Bing for the e-commerce site's name plus the word "review" or "complaints" will typically give you a good idea if the site poses any threat of fraud. If you do not feel comfortable checking up on sites, shopping only on the sites of well-known retailers will keep you safe.

"When you go to Amazon or eBay, you are generally fine," says Symantec's Merritt. "It's when you start searching off-the-beaten path that you run into problems."

BitDefender recommends that online shoppers make certain that your antivirus is up to date and that your computer has all the latest patches for the most common software, including the Windows operating system, the user's preferred browser and other popular applications, such as Adobe Flash and the Windows Media player.

In most cases, today's malicious software -- the general term of viruses, worms and Trojan horses -- requires the user to click on a dialog box to run the code, so being careful is a good defense. Yet, it's not always enough. Writers of malicious software frequently hoard their best exploits -- techniques for running bad code on computers -- for major campaigns, says Sunbelt's Sjouwerman

"They sit on it and wait for a great opportunity," says Sjouwerman. "And the holiday season is it."