Going online instead of going to the mall can be a convenient and cheaper way to get the holiday shopping done. But it can have a downside...
Going online instead of going to the mall can be a convenient and cheaper way to get the holiday shopping done. But it can have a downside.
Cybercriminals tend to come out in force around peak shopping times. Online shoppers, unless they guard against the threat, run the risk of having their credit card and bank-account numbers stolen without even knowing what’s happened — until it’s too late.
“The peak shopping period is an ideal time for criminals to target [consumers] for … attacks,” said Symantec’s Vincent Weafer, a vice president in the security company’s research group.
Some security experts say the time to be on guard is now — and probably even earlier. In the month before Thanksgiving week last year, security company PC Tools observed a steady rise in the amount of malware intercepted by computers running its security software.
Most Read Business Stories
- 1 house, 45 offers: Homebuyers in Western Washington hard-pressed as supply remains scarce
- 55,000 in Washington state may have to pay back thousands in jobless benefits
- Boeing made an entire fake neighborhood to hide its bombers from potential WWII airstrikes
- Seattle artists worry potential sale of historic INS building could spell the end for their studios
- Frontier cancels flight, citing maskless passengers
It was as if the bad guys wanted to have their software in place “before the shopping began,” said Michael Green, PC Tools’ vice president of product strategy.
On the Internet, shoppers can find a vast variety of items, often at discount prices. And online shopping can help spare consumers from the hassle, traffic and parking problems of going to a physical shopping center, as well as spare them the lines at the post office.
With that in mind, more than half of U.S. households are likely to do at least some online holiday shopping this year. Market-research firm Forrester Research projects that U.S. consumers will spend $44 billion online this month and next, up 12 percent from the same period last year.
Growth in online shopping hasn’t gone unnoticed by criminals. Many have turned to the Internet as a relatively easy way to steal a buck.
Traditionally, viruses and other malicious computer programs were simply nuisances. They might shut down your machine or even wipe out your hard drive, but other than possibly forcing you to get a new computer, they didn’t affect your financial well-being.
That’s changed dramatically in recent years as criminals have started to employ malicious programs to steal consumers’ personal and financial information such as Social Security, bank account and credit-card numbers. Unlike a virus that shuts down a computer, spyware and malware can run quietly in the background, often without a PC user knowing it’s there.
“The profile of malware authors has shifted from punks to professionals,” said Nick Selby, a security analyst at the 451 Group, an industry-research firm. “They’re doing it for money.”
As the nature of malicious software has changed, so have the means of infecting consumers’ computers, analysts say. Increasingly, PCs are infected when they visit Web sites that can exploit security holes in their Web browsers or browser plug-ins like Flash.
Sometimes these sites are legitimate shopping destinations that have been unwittingly compromised. Other times, criminals use what security experts call “social engineering.” That could mean directing consumers to a particular site via an e-mail link to what promises to be a funny, controversial or topical video.
“The bad guys know … what people click on,” said Patrick Runald, chief security adviser at F-Secure, a security-software company. “These guys stay up with current events.”
Security experts say it’s difficult to estimate the size of the spyware threat, especially given that many exploits may go unnoticed. But F-Secure detects some 80,000 to 100,000 new suspicious files each day, Runald said, of which 20,000 to 25,000 are new types of malware files that need to be combated.
Meanwhile, the number of identity-theft complaints collected by the Federal Trade Commission’s Consumer Sentinel program hit 258,427 last year, more than a third of which involved stolen credit card or bank-account numbers.
Despite the dangers, no one’s telling consumers to abandon their online shopping carts. Instead, security experts advise consumers to take practical, often obvious, steps to protect themselves.
The most basic steps consumers can take are to install a security program on their PCs and to make sure that and other software on their computers — particularly their operating systems, Web browsers and browser plug-ins — are kept up to date. Software updates frequently plug known security holes and, on the security software side, provide protection against newly discovered malware.
Beyond that, security experts recommend using common sense — and staying vigilant.
Consumers should be wary of clicking on e-mailed links or visiting unfamiliar Web sites, they say. It’s a good idea to go to security sites, such as one run by F-secure, that offer free malware scans. And they should keep a lookout for strange charges on their credit-cards statements.
“I can’t say there’s a magic bullet,” said Natalie Lamber, a security analyst at Forrester. “It comes down to good computer hygiene.”