THE BLOG

5 New Online Threats for Cyber Monday Shoppers

11/21/2012 06:18 pm ET | Updated Jan 21, 2013

Cyber Monday is just a few days away, but for those who plan on doing their holiday shopping online, there are several new threats you need to be aware of.

Identity theft and financial fraud usually increase between Black Friday and Christmas Eve -- as cyber thieves know there are more people online, not all of whom are familiar with basic security precautions that should be taken when buying online. As a result, security professionals generally see an uptick in online threats and consumer attacks.

So, what are the top scams to watch out for this holiday season?

In addition to more commonly known threats like 'search engine poisoning,' Wi-Fi snooping such as man-in-the-middle, infected holiday e-cards and ringtones, and phishing emails, we could also see a few sneakier attacks affecting desktops, laptops, tablets and smartphones.

Here are five new hacker threats that shoppers need to watch out for:

  1. Clickjacking -- In this type of attack, a malicious program or link is hidden behind a "Like" button, video player, or anything else that you're asked to click on. Once you click on the button, the real program, the hidden one, is activated and your computer is infected. This holiday season, many consumers will fall victim to this attack -- by clicking on a phony e-card, Christmas videos, Facebook 'Like' chain messages and online coupons. Safety Tip: The best way to protect yourself is to avoid clicking on any suspicious link, image or page.
  2. Cross-Site Scripting -- Certain types of websites hide 'cross-site scripting' (or XSS) attacks that lie in wait for the unwary consumer. Once you're on the site, it attacks your computer, stealing any cookies and passwords you have saved in the browser. Safety Tip: The best way to avoid this is to only visit reputable websites, don't be lured to new or suspicious sites offering "too-good-to-be-true" discounts on popular products. Log out of bank and financial sites after use and clear your cookies frequently.
  3. Drive-By Attacks -- Another type of attack that is increasingly common, and will occur frequently over the next few weeks, is the drive-by attack, or drive-by download. This type of attack most commonly occurs with a pop-up ad on a website - when you click on it to make it go away it secretly infects your computer. This type of attack can also infect a smartphone when surfing the Web. Safety Tip: It's important for online shoppers to use one of the more secure browsers, like Chrome, and to block popup ads. If an ad still appears, rather than clicking on it to close it out, quit the browser and reload it.
  4. QR Code Scams -- QR Codes are those maze-like symbols that now appear on almost everything -- from groceries and electronics to advertisements. They're also appearing more frequently on the Web. The problem with a QR Code is that you don't know where it's going to redirect you. There is the potential for QR Code fraud to redirect people to fraudulent websites that will infect them. Safety Tip: The best advice is to be careful which QR Codes you scan. If it's on a suspicious website, or a flyer at the mall, use common sense and avoid it.
  5. Man-in-the-Browser -- Internet browser scams are increasingly popular and there's no doubt they'll target a number of holiday shoppers this year. The man-in-the-browser or (MITB) scam attacks a flaw or unpatched vulnerability in a browser and gives the hacker an inside look at everything you do online. Basically, the hacker sits between your computer and the websites you visit, allowing him or her to steal login credentials, passwords, other sensitive info, or insert additional transactions into sites you visit such as a bank or financial institution. How does a browser get hacked? There are a few ways this can happen: first, you visit a nefarious website or open an email attachment and a Trojan infects your PC. Or, you add a plugin to your browser that turns out to be a fake. Safety Tip: The best way to avoid a MITB attack is to regularly update your browser, be selective with plugins, keep your antivirus up to date, and use common sense when surfing the Web.

While the type of computer threats always change, basic security precautions remain the same. For those planning to shop online this holiday season, or any other time, it's important to follow these steps: scan your computer for viruses first; use up-to-date antivirus software; update your operating system and browser; use common sense when visiting sites or clicking on links and attachments; and use a credit card in place of a debit card. There are many ways to fall victim -- but if you use common sense, you can keep the hackers at bay.