Don't Let Your Holidays Get Hacked

Black Friday, the Friday after Thanksgiving Day, is generally the official kick-off of holiday shopping in the United States. Retailers offer tremendous deals to get shoppers in the door and shoppers line up at insanely early hours in the freezing cold just so they can be at the front of the line.

As Black Friday competition has increased, and the economy has waned, retailers have continued to expand their holiday marketing efforts. There is Cyber Monday, the Monday that follows Black Friday, which is generally a day with many online offers. But, it goes beyond even that. Some retailers are starting before Black Friday and running huge sales both online and in stores long after Black Friday to make sure they get shoppers to spend their money with them.

Hackers are poised to capitalize on the shopping feeding frenzy as well though, so online shoppers need to be cautious.

Retailers may send out email notifications to their registered users. But, if you receive an email with a tremendous offer, you may get more than you bargained for as well.

Some holiday shopping attacks may be an attempt to infect or compromise your computer. You may get an email claiming to have a 50% off sale on 50" Plasma Televisions, with a link to visit the web site for details. Clicking the link may reveal a once-in-a-lifetime deal on a Sony Plasma TV, or it could just initiate a download of the latest and greatest virus, worm, or spyware onto your system. Maybe it will execute an exploit that will compromise your computer and make it part of a botnet, or allow the attacker to take control of your computer remotely.

Another angle on holiday hacking would be to actually take your money or steal your identity. Some holiday shopping deals may lead to web sites that look legitimate, but are actually malicious replicas designed to capture your username and password for a given site, or to steal your credit card or bank account information.

In some cases, even legitimate marketing emails that lead to legitimate web sites may pose a problem. The retail site could potentially be compromised or exploited to lead users to a malicious site or install malware on their system. Cross-site scripting (XSS) flaws are fairly prevalent. Even TJX, which is under acutely increased scrutiny after causing the largest breach of customer data ever, was recently found to be susceptible to an XSS vulnerability.

So, what is a holiday shopper to do? Should you shop only at actual brick-and-mortar retail stores and use cold, hard cash? I think that is a bit extreme. There are some precautions that you should take though to try to ensure your shopping endeavors don't end in disaster...the malware / ID theft sort of disasters at least. I don't have any advice for how to get a Nintendo Wii or the latest Tickle Me Elmo. You are on your own for those kinds of disasters.

1. Shop at work: The reason Cyber Money exists is because workers return from the Thanksgiving holiday weekend and start shopping online while they are at work. I am not suggesting you violate your employer's acceptable use policy or do anything that will get you in trouble, but, assuming your employer is OK with some personal web surfing during lunch or something, odds are pretty good that your employer has a better-protected and more secure network than you have on your computer at home.

2. Patch your PC: Make sure that you have applied all of the latest patches and security updates on your PC. Most malware and exploits take advantage of known vulnerabilities. Simply keeping your PC current on its patches can prevent the vast majority of attacks from working.

3. Protect your PC: If you don't already have a personal firewall and some sort of antivirus or antimalware software installed on your PC- start there. Assuming that you do, make sure it is enabled and up to date. Security software is often only as good as its most recent update, so having antivirus software on your PC that hasn't been updated in 3 months is almost the same as not having antivirus software.

4. Don't fall for phishing scams: Read Protect Yourself From Phishing Scams to educate yourself about what to look out for and how to ensure you aren't a phishing scam victim.

5. Watch out for spyware: Check out Protect Yourself From Spyware to learn more about the steps you can take to protect your PC from spyware.

6. Don't become a victim of ID theft: Take a look at Ten Tips to Prevent Identity Theft for tips and ideas to protect yourself from attackers set on stealing your identity.

7. Be cautious about charity solicitations: The holidays are also a time of giving and charity. Some attackers try to exploit the excess caring and generosity by sending out fake solicitations for donations. Read Beware Hurricane Katrina Scams to learn more about identifying scams and making sure your donations get to the charity you intend them for.

Source: About.com