
Online shopping is a convenient alternative for those of us who wish to skip the never-ending checkout lines and herds of holiday shoppers. From the comfort of our own home, or cubicle, we can quickly and easily check off our wish lists without lining up at the crack of dawn for doorbuster discounts.

With 2014 Cyber Monday sales expected to reach a record $2.6 billion, it’s evident that more and more shoppers are taking advantage of the seamlessness of e-commerce. However, what we often don’t realize is that this method is not only convenient for us, but for hackers, too.

Unfortunately, cybercrime activity increases substantially during the bustling holiday season, and phishing scams have long been a tried-and-true method—impersonating reputable brands or services to lure users into clicking malicious links.

Some scams are almost identical to those of legitimate sources, and according to Google, successfully entice unsuspecting victims an alarming 45 percent of the time.

“Cybercriminals are very resourceful, and they know that the siren song of a good deal is almost always irresistible to bargain hunters,” said Dwayne Melancon, chief technology officer at Tripwire.

In a recent survey evaluating online cyber security awareness, more than a quarter of respondents (26 percent) believe emails from ‘trusted brands’ are safe to click. The survey, conducted by One Poll and Dimensional Research, included more than 2,000 consumers from both the U.S. and the U.K.

Additionally, 26 percent of respondents believed links contained in subscription emails and newsletters were ‘safe’ to click. Although we may be accustomed to seeing these frequent emails in our inbox, the sources that send them can themselves be compromised by cybercriminals, who can then target thousands of mailing list subscribers.

“The number one reason to click is trust in a brand, which isn’t good,” said Melancon. “Shoppers need to look beyond the facade of convincing branding to make sure they aren’t being conned into clicking on a bogus link.”

This common tactic was seen earlier this year after cybercriminals posted several listings on eBay containing malicious JavaScript code, which rerouted affected users to a replica of the site’s welcome page. The victims were then prompted to provide their log-in credentials and passwords.

Apart from the compromise of personal information, these scams often lead to various other malware infections—an even greater risk for users connected to enterprise networks. Nearly a quarter of the survey respondents revealed they planned to do some holiday shopping while at work, and cybercriminals are well aware of this opportunity.

“Savvy attackers know that malicious links are effective—that’s one reason phishing attacks are so pervasive around the holidays,” said Ken Westin, Tripwire security analyst.

“Employees need to be aware that anytime their computer is on their corporate network, even if they logged in through a VPN, they can put their organization at risk by simply visiting the wrong website or clicking the wrong link in an email,” added Westin.

Hence, although shopping online can be a much more pleasant task, it’s important to remember the risks and consequences that can come with it. To help keep your computer, personal information and employer’s network safe and secure this holiday season, keep these tips in mind:

  • Manually type in the exact URL of the retailer’s website you would like to purchase from.
  • If you are unsure about a certain retailer, check with the Better Business Bureau or the Federal Trade Commission.
  • Hover over links to verify where they lead before you click.
  • Shop on websites whose URL begins with “https”, which indicates that information sent to the site is encrypted in transit.
  • Be cautious when clicking on advertisements on social media sites.

For more helpful tips and additional resources, visit MS-ISAC’s Cyber Tips Newsletter.