Cyber criminals eye year-end online shoppers

Online shopping for New Year gifts may sound cool. But, beware of the risks.

Cyber security experts are advising shoppers to be extra vigilant.

Security solutions firm Trend Micro discovered a phishing scam that targets those purchasing an iPhone 4S through eBay.

This involved domains that displayed replicated eBay posts for iPhone 4S units.

Amit Nath, country manager India and SAARC Trend Micro, are of the view that common attack types include Blackhat SEO attacks, where search results for popular items such as gadgets and others mislead users to malicious sites.

. . .

Session hijacking involves sniffing through networks for information such as account credentials, and using it for impersonation.

While India is still new to online shopping, some of the instances in more mature markets like US and UK show how lucrative it is for cyber criminals to dupe online shoppers.

The National Retail Federation conducted a study revealing that 46.7 per cent of UK consumers are planning to purchase their gifts online, a trend confirmed by Deloitte's annual holiday survey (48 per cent).

. . .

IMRG, the UK Retail Trade Association calculated that UK residents will spend a staggering 7.75 billion pounds on online Christmas and New Year shopping.

"Online holiday shopping is as engrained in the criminal culture as it is in the popular culture.

Criminals are very adept at creating scams that look legitimate to the eyes of the shopper, but are instead meant to deliver malware and information-stealing code, rather than the items on your holiday list.

. . .

As if this isn't bad enough, the problem multiplies if the person shopping is an employee at work on their lunch break, potentially opening their business network up to expensive and embarrassing data theft, " says Patrik Runald, Websense Security Labs.

This Christmas saw some prominent websites being hacked by cyber criminals.

Team of hackers called 'Anonymous' broke into the database of Stratfor, a security think tank, and stole thousands of credit card details.

360buy, an online shopping mall, saw its websites being hacked.

Vinoo Thomas, product manager, McAfee Labs, says shoppers should be on the lookout for offers that are too good to be true.

. . .

"Search results for good deals online can often divert users to rogue websites. Further, mails announcing an offer to buy a product at less than half the price are common during this season.

Now that most people make transactions online, one should also sign up for getting regular SMS alerts on credit/debit card transactions," he says.

Experts say by checking the authenticity of the site (ensuring secure connections), not clicking on suspicious links and by keeping financial information confidential can help shoppers avoid being victimised while making purchases online.