Bad Santas are making their lists and checking them twice, gearing up to rip off
consumers online with common scams that take the happy out of the holidays.
Below, McAfee reveals their dirty tricks to educate the millions of consumers worldwide
who want to enjoy safe shopping this holiday season.
- Charity Phishing Scams - Many popular charitable organizations
encourage consumers to think of others during the holiday season through emails
asking for year-end donations. In fact, according to McAfee’s recent holiday survey,
almost 30% of US consumers plan to donate online this year.
Unfortunately, hackers also know consumers are in the giving spirit during the holidays
and prey on their generosity through fake charity phishing emails.
Here’s how it works: The hackers send fake emails that appear to be from
well-known charitable organizations, such as the Red Cross, the Salvation Army,
and Oxfam, and that direct consumers to fake websites designed to steal their money.
The websites are generally very professional with a fairly high amount of graphical
content and a good amount of verbiage designed to make the reader feel upset or
guilty. Sometimes the layout and content of these fraudulent sites are copied directly
from legitimate charity websites with simply a name and a logo changed.
To determine if an organization’s site is legitimate, go directly to their
Website to donate. Don’t ever click on a link sent in email. To learn more
about phishing, visit www.mcafee.com/advice.
- Email Banking Scams - The current economic climate is not only
forcing over 95% of us to spend less money and buy fewer holiday gifts this season,
but prompting hackers to take advantage of our bank account balance concerns to
bah-humbug the holidays with another common phishing scam.
Financial institutions are the most common phishing scam targets. According to the
Anti-Phishing Working Group, during the first quarter of 2008, 92% to 94% of all
phish scams were financial-services related.
With these scams, the bad guys send an official-looking email that asks consumers
to confirm account information, including their user name and password. These emails
often try to fool consumers into thinking that if they don’t comply with the
instructions, their account will become invalid.
So remember, call your bank by telephone if you’re concerned about your account.
Never give your account details out as a result of an email request or you could
fall victim to a popular phish scam designed to empty your wallet. And with the
stress of the holidays, your guard might just be down enough that you fall for one
of these scams.
- Holiday e-cards - Most people never consider the
dangers of e-cards -- but unfortunately, there are plenty of dangers, especially
during the holiday season. For example, a scam that was popular in 2007 was a New
Year’s e-card that included a nasty surprise. When the consumer clicked on
the link, they were brought to a malicious Website that attempted to download Trojan
Here's another tricky example: Scammers may send you an e-card that appears as if
it’s coming from Hallmark asking you to download an attachment to pick up
your e-card. However, the attachment isn't really an e-card -- it's a Trojan. This
particular Trojan then waits for you to sign onto AOL. If and when you do, it displays
a pop-up window that looks like an AOL form, but asks you to verify/update your
AOL billing info by providing your credit card, checking account info, and Social
A few clues that an e-card is not legit are spelling mistakes, errors in the message,
unknown senders or senders with bogus names, and odd-looking URLs.
Remember – if in any doubt about the legitimacy of an e-card, don’t
open it. Never click on anything from an unknown source.
- Fake Invoices. During the holidays, lots of friends and families
order and send gifts online. This is no secret to stealthy Scrooges who try to trick
consumers into giving away personal financial details through fraudulent invoices.
Here’s how this scam works: The bad guys create a fake invoice or waybill
and send it via email as an attachment. Once the consumer opens the email attachment,
there are a few variations: the recipient may be asked to confirm or cancel
an order, they may be told that the parcel service was unable to deliver a package
due to having an incorrect address, or the recipient may receive a customs notification
about an international package.
In every instance, the email either asks the consumer for their credit card details
so that their account can be credited or requires the recipient to open an invoice
or customs form to receive the package.
Pretty tricky, huh? This kind of scam has been played on many consumers who believed
they were receiving emails from FedEx, UPS or the US Customs Service but instead
were delivered a deadly Trojan program or other threat that can lead to identity
theft or hacker control of a computer.
To protect yourself, never give your financial details over email to an unknown
recipient or open a suspicious attachment. If you want to ensure you are reaching
shipping sites like FedEx or UPS, open a browser and directly access the Website.
Also, ensure that your Internet security software is up to date to help spot Trojans
and other forms of malware if you have opened a bad attachment.
- You’ve Got a New Friend! As the joy of the holiday season
brings people together and reignites old friendships, many of us are excited when
alerted with a message that says, “You’ve got a new friend!” when
using popular social networking sites.
Sadly, in some cases, after clicking on the notice, not only do you not have a new
friend, you have also downloaded malicious software that you can’t even detect.
Of course, it’s designed to steal personal and financial information. Stay
away from “friends” you don’t know.
- Dangerous Holiday-related Search Terms. We love Santa too, but
when clicking on the results of a “free Santa download” search, in addition
to the Christmas-themed screensavers, puzzles, and pictures you find, you also could
be clicking on adware, potentially unwanted downloads, and spyware.
In fact, McAfee’s free and award-winning safe search tool, McAfee® SiteAdvisor®,
found that all of the following holiday-related search terms are risky:
- Free Santa holiday screensaver
- Free holiday screensaver
- Free Christmas screensaver
- Free holiday downloads
- Christmas tree download
- Free Christmas wallpaper
- Santa wallpaper
- Santa screensaver
- Santa ringtones
- Santa mail download
- Santa download
- Free Santa music downloads
When searching for fun holiday-themed downloads, make sure your holiday searches
are guided by McAfee SiteAdvisor software – the simple green, yellow and red
rating system will help you avoid any unwanted gifts you may get along with your
- Coffee Shop Cybercriminal. While everyone enjoys a warm gingerbread
latte while surfing the Net at their local coffee shop, most are not aware of the
dangers in surfing on unsecured networks. Attackers can jump on an unsecured wireless
Internet connection with a program called a packet sniffer to see what Websites
users are visiting, the passwords they are using, and what bank accounts they are
Also, an attacker might set up a rogue wireless access point near a coffeehouse.
If somebody unwittingly connects to the attacker’s network, the miscreant
can watch just about everything that goes on while that connection is in use and
can redirect traffic, sending the unknowing user to the dark alleys of the Internet.
McAfee advises consumers to make sure they have updated security software including
a firewall, they’ve updated the patches on their system—and most importantly,
they check bank accounts and shop online from a known, secure wireless Internet
- Password Stealers. The McAfee holiday shopping survey found that
53% of consumers admit they use the same password for multiple websites or online
services. Consumers need to know that free and low-cost tools exist that make it
easy for bad guys to guess passwords and hack into users’ PCs. That’s
a holiday visit no one wants.
McAfee Labs found that attackers go after passwords for banks and e-commerce
sites, multi-player online role playing games, instant messaging and finally, social
Just as malware can be delivered invisibly via spam, a password stealer can be
downloaded to a consumer’s PC without them even knowing it.
When a user relies on the same password everywhere, an attacker only has to nab one
password to hit all of that user’s accounts. So this holiday season, be sure you have
an updated comprehensive security software suite to help protect against password-stealing
malware. This includes anti-virus, anti-spyware and a two-way firewall. Remember
to check to make sure your subscription software is current – and not just
trial software that might be expired.
In addition, create complex passwords such as: $aNt@IsRe@l or H@PPyH0l!d@y$.
Check out these tips on how to create safe passwords.
- Fraud via Auction Sites. As nearly 40% of American consumers are
expected to visit auction sites to find gifts this holiday season, shoppers must
be aware of scammers who will use the increased activity of the holiday season to
prey upon new victims. Be sure to read the security and safety policies from such
sites as eBay. You’ll learn how to protect your account and buy safely.
eBay’s Online Safety Advisor, Rich LaMagna, recommends the following:
- Use your common sense. If an item looks too good to be true, it probably is.
- Carefully review the seller’s ratings and feedback to be sure that he or she
has a positive rating. Learn more about the item before bidding on it by carefully
reading all of the information in the item listing, including the seller's policies.
- Pay with a safe payment method such as PayPal or your credit card. These methods
offer the most protection for buyers should something go wrong with the transaction.
To learn more about eBay’s Buyer Protection Program, click here.
- Holiday-themed Email Attachments and Spam - The bad guys know that
emails with holiday-inspired subject lines are intriguing to most consumers. The
recent McAfee holiday survey found that 49% of consumers have opened or would open
an email with a holiday themed attachment.
Consumers should beware of emails that prey upon their holiday spirit, inviting
them to look at homes bedecked with lights or PowerPoint presentations with vague
holiday-related subjects. For example, last year an email made the rounds with a
Microsoft PowerPoint called “Christmas Blessings” that contained malicious
Some examples of subject lines bad guys use to lure consumers into opening a friendly-looking
email are “happy 2008 to you!”, “happy 2008!” and “new
hope and new beginning”. Be wary when you see these titles and don’t
open attachments with odd-looking URLs.
- Online Identity Theft - Online shopping offers the 3 Cs: cost,
convenience and choice, but there’s one more we learned about from the McAfee
Shopping Survey: concern.
90% of consumers have some level of concern about shopping online. Unsure of where
to shop, they rely on friends and family to determine the safety of a website, but
friends can only advise on personal experiences, and some sites may have security
issues that aren’t readily apparent.
For example, sites that store your personal information can be vulnerable to cybercriminals
who hack in to steal your identity. In fact, research shows that as many as 80%
of websites have known vulnerabilities.
McAfee can help. The McAfee SECURE™ trust mark appears on more than 80,000
sites that pass daily testing for more than 10,000 known hacker vulnerabilities.
Your personal information is safer on sites tested by McAfee SECURE because daily
scanning for known threats can prevent Websites from falling prey to the vast majority
of hacker crime. Only valid sites that pass the McAfee SECURE service of daily testing
can display the trustmark.
- Laptop Theft.
And the last way the bad guys can take the merry out of your Christmas is by outright
stealing your laptop! According to the FBI’s State of the Net Report (2007),
chances of having a laptop stolen are 1 in 10, and according to the research firm
Gartner, 97% of laptops are never recovered.
While you are out enjoying the festivities of the season, make sure to be particularly
vigilant at this time of year and never leave your laptop in sight in your car.
For further protection, be sure to purchase a product that safeguards important
files – including photos, music and bank/credit card statements, in the event
your laptop is stolen. One such product is McAfee Anti-Theft
File Protection software.
The above does not constitute an association with, or endorsement of
the information, products or services contained herein, nor has it been authorized,
sponsored or otherwise approved by Microsoft Corporation, Salvation Army, Oxfam,
Hallmark, AOL, FedEx, UPS, US Customs Service, eBay, PayPal, Anti-Phishing Working
Group, FBI and/or Gartner.
McAfee and/or other noted McAfee related products contained herein are registered
trademarks or trademarks of McAfee, Inc., and/or its affiliates in the US and/or
other countries. McAfee Red in connection with security is distinctive of McAfee
brand products. Any other non-McAfee related products, registered and/or unregistered
trademarks contained herein is only by reference and are the sole property of their
respective owners. © 2008 McAfee, Inc. All rights reserved.