Going online instead of going to the mall can be a convenient and cheaper way to get the holiday shopping done. But it can have a downside.
Cybercriminals tend to come out in force around peak shopping times. Online shoppers, unless they guard against the threat, run the risk of having their credit-card and bank-account numbers stolen without even knowing what has happened — until it’s too late.
"The peak shopping period is an ideal time for criminals to target for . . . attacks," said Symantec’s Vincent Weafer, a vice president in the security company’s research group.
With a week and a half to go before Christmas, this week is likely to see heavy online traffic.
On the Internet, shoppers can find a vast variety of items, often at discount prices. And online shopping can spare consumers from the hassle, traffic and parking problems at a physical shopping center, as well as the lines at the post office.
With that in mind, more than half of U.S. households are likely to shop online this holiday season. The market research firm Forrester Research projects that U.S. consumers will spend $44 billion online in November and December, up 12 percent from a year earlier.
The growth in online shopping hasn’t gone unnoticed by criminals. Many have turned to the Internet as a relatively easy way to steal a buck.
In the month before Thanksgiving week last year, the security company PC Tools observed a steady rise in the amount of malware intercepted by computers running its security software.
It was as if the bad guys wanted to have their software in place "before the shopping began," said Michael Green, PC Tools’ vice president of product strategy.
Traditionally, viruses and other malicious computer programs were simply nuisances. They might shut down your machine or even wipe out your hard drive, but the damage they did was limited to your computer and its data.
That has changed dramatically in recent years as criminals have started to employ malicious programs to steal consumers’ personal and financial information, such as Social Security, bank-account and credit-card numbers. Unlike a virus that shuts down a computer, spyware and malware can run quietly in the background, often without a PC user knowing that it’s there.
"The profile of malware authors has shifted from punks to professionals," said Nick Selby, a security analyst at the 451 Group, an industry research firm. "They’re doing it for money."
As the nature of malicious software has changed, so too have the means of infecting consumers’ computers, analysts say. Increasingly, PCs are infected when they visit Web sites that can exploit security holes in their Web browsers or browser plug-ins like Flash.
Sometimes these sites are legitimate shopping destinations that have been unwittingly compromised. Other times, criminals use what security experts call "social engineering." That could mean directing consumers to a particular site via an e-mail link to what promises to be a funny, controversial or topical video.
"The bad guys know . . . what people click on," said Patrick Runald, chief security adviser at F-Secure, a security software company. "These guys stay up with current events."
Security experts say it’s difficult to estimate the size of the spyware threat, especially given that many exploits may go unnoticed. But F-Secure detects about 80,000 to 100,000 new suspicious files each day, Runald said, of which 20,000 to 25,000 are new types of malware files that need to be combated.
Meanwhile, the number of identity-theft complaints collected by the Federal Trade Commission’s Consumer Sentinel program hit 258,427 last year, more than a third of which involved stolen credit-card or bank-account numbers.
Despite the dangers, no one’s telling consumers to abandon their online shopping carts. Instead, security experts advise consumers to take practical, often obvious steps to protect themselves.
The most basic steps consumers can take are to install a security program on their PCs and to make sure that it and other software on their computers — particularly their operating systems, Web browsers and browser plug-ins — are kept up to date. Software updates frequently plug known security holes and, on the security-software side, provide protection against newly discovered malware.
Beyond that, security experts recommend using common sense — and staying vigilant. Consumers should be wary of clicking on e-mailed links or visiting unfamiliar Web sites, they say.
It’s a good idea to go to security sites, such as one run by F-secure, that offer free malware scans. And they should keep a lookout for strange charges on their credit-card statements.
"I can’t say there’s a magic bullet," said Natalie Lamber, a security analyst at Forrester. "It comes down to good computer hygiene."
Protecting yourself To ward off cybercriminals, online shoppers should take the following steps, security experts say:
Run security software:You shouldn’t be online without it.
Keep your programs up to date:Make sure you’ve downloaded and installed the latest updates for your security software, operating system, Web browser and browser plug-ins.
Be wary of e-mail links: Many will take you to sites you don’t want to visit.
Scan your PC: Free online software can tell you if your computer has any known malware installed.
Stick to the well-lighted places: You’re less likely to encounter malware at known and reputable online sites than at other places.
Check your statements: Keep an eye out for questionable charges in your credit-card and bank accounts.
No comments:
Post a Comment