IT security firm Sophos warned online shoppers to be careful as they scramble to buy last-minute gifts for Christams, as spammers and scammers are working overtime to trick the unwary and unguarded during the online shopping frenzy.
Despite increased caution, online shopping is still expected to rise this Christmas season. Forrester says U.S. online shopping will increase 25 percent from last year, reaching $18 billion during the period.
"Lurking behind that offer for a faux Rolex or Louis Vuitton knockoff may be a more sinister transaction that goes well beyond the usual con," said Graham Cluley, senior technology consultant at Sophos. "In an effort to save time and money by shopping online, frantic consumers may also be inviting criminals onto computers - opening up the possibility of credit card fraud and identity theft."
He conceded that many people want to buy online because of the variety of goods and the convenience of surfing to an online store rather than fitting in a real-life visit during a busy working day.
In a bid to help fight this risk, Sophos has published the following tips to help consumers and staff to stay safe online:
1. Beware of people selling merchandise via unsolicited email: Spammers take advantage of the festive season, so expect more email with offers for Rolex watches and other luxury watches (in late 2004, these offers rose by more than 300 percent).
2. Don't be fooled by Christmas email: Virus and trojan-horse writers often use holiday themed e-cards and other tricks to attack unsuspecting users. For instance, the prevalent Zafi-D worm spreads as an attachment in an email message wishing "happy hollydays."
3. Be on the alert for phishing scams: During the shopping season, money and credit are on the minds of many consumers, but giving out confidential information is a no-no, no matter how real the request looks.
4. Think before you click: Be wary of clicking on links contained inside HTML emails because they may direct you to a different website entirely, set up by the hackers.
5. Keep up-to-date: Make sure your anti-virus, anti-spyware, anti-spam and firewall software are up to date and that your browser and operating system include the latest patches and fixes. More viruses, worms and trojan horses were seen last month than any previous month in history, so it's more important than ever to run the latest protection.
6. Don't try, don't buy, don't reply: No matter how tempting or authentic an email may seem, unless you are 100-percent certain it is legitimate, delete it. If an offer seems too good to be true, it probably is.
7. Consumers should continue to step up their vigilance in 2006 by only giving their personally identifiable information (PII) - for example name and address, phone number, bank account, credit card number, email, etc - to trusted parties, and they should shred all discarded documents containing PII.