10 Online Risks to Avoid During the Holidays
'Tis the season to be scammed. Identity thieves, computer hackers and fraudsters tend to increase their efforts over the holidays because more consumers are online purchasing gifts and looking for deals, says Dave Aitel, CEO of Immunity Inc, which creates penetration testing products (ie hacking tools). Scammers also take advantage of people's generosity during the season of giving.
Aitel says that people need to watch out for these ten threats that could put them at risk of becoming victims of fraud or ID theft during the holidays.
1. Clickjacking. This popular Facebook scam involves online games that require you to click something that moves across your computer screen. You think you're clicking on a dancing Santa, but, in reality, you could be clicking on a concealed link that might perform actions such as making your Facebook profile information public or giving scammers access to information stored on your computer. So don't click on those dancing Santas (or any other game that pops up on your computer or gets passed around on Facebook).
2. Drive-by downloads. This is a term that refers to downloading something that you didn't realize was a malicious program or a download that occurs without your knowledge. This might happen as you are browsing the Web during the holidays and and visit unfamiliar sites with ads that promise deep discounts on items. If the site isn't legitimate, the ads probably aren't, either. Also avoid sites that require you to download a "codec" to view a video because this is malicious software.
3. Infections from legitimate sites. Now is prime time for hackers to infect sites that get more traffic during the holidays with pop-up ads that have viruses. Aitel recommends installing an ad blocker on your browser, such as the free Adblock Plus, or to use Chrome as your browser because it's harder for hackers to infiltrate.
4. E-mail phishing. Your inbox might fill up with donation requests or holiday deals over the coming weeks. If these e-mails come from people or groups you're not familiar with, delete them because they're likely attempts to steal your personal information or con you out of big bucks. Also watch out for e-mails claiming to come from your credit-card issuer. You might assume that they're legitimate if you've been using your card frequently to make holiday purchases. But don't respond to any e-mails saying that there's a problem with your card. Instead, call your company directly using the number printed on the back of your card. See Protect Yourself From New Phishing Schemes for more information.
5. Text-message phishing (or smishing). Be wary of text messages with donation requests, notices of too-good-to-be-true deals or even gift card offers from major retailers. There's a good chance that they're fake. If you respond, you may be prompted to divulge personal information, such as your credit card number.
6. Phony apps. Be wary of the apps you download on your phone or Facebook page. Researchers recently found that Android phones are vulnerable to text message phishing if users download infected apps (learn more). Even legitimate apps might ask permission for too much information. So read the list of permissions an app requests to make sure it's not asking for information you don't want to provide.
7. Fake Google results. If you do a Google search for a popular toy your kid wants for Christmas, for example, there's a good chance that some of the results will be links to fake sites or images that have viruses or malware. That's because scammers build sites based on popular search terms. When doing your holiday shopping online, stick with sites you know (see our 15 favorite sites for finding deals online).
8. Forced browsing. This advanced hacker technique is used to steal your passwords when you log into your accounts using a public Wi-Fi connection. So don't check your accounts online at the coffee shop or other public Wi-Fi spot. Even if you're just browsing the Web using a public Wi-Fi connection, though, you can put yourself at risk if you've set your browser to save the passwords to your accounts. Hackers can view your browsing history, go to sites you've visited and steal passwords without you knowing.
9. Wi-Fi sniffing. This technique allows hackers to see what you're doing on your computer if you're using a public Wi-Fi source. If you surf the Web on your smart phone, use your 3G (or 4G) network connection if you can because it is more secure than Wi-Fi. To protect your laptop from hackers, sign up for a personal virtual private network service, such as Private Internet Access to secure your computer's Internet connection.
10. Digital profiling. Your digital profile is basically what you say about yourself on social media. And thieves can make use of this information. For example, you shouldn't announce on Facebook that you'll be out of town over the holidays. You put your home at risk of a break-in or of being used by criminals as a mailing address to ship illicit packages.