Ramblings of an old Doc
Part Two of Security in Online Holiday Shopping
Published on December 19, 2010 By DrJBHL In Personal Computing

 

Here's Part One if you didn't see it.

Beth Jones is a senior threat researcher with Sophos.

She stated to PCWorld (another of Doc's faves), "The two-week mark before Christmas is when things start to ramp up out of control. Spammers and malware authors focus on when the attention is going to be there. That's generally two weeks before a holiday."

You don't need to be shopping online to get caught in one of their traps. Even checking out email or spending time on Facebook and Twitter has its risks for the unaware. Here are seven holiday humbugs to avoid."

 

You can read about them HERE.

 

"Holiday Scam 1: "Free iPad Giveaway!"

 

Apple's recently-released iPad is a popular item this holiday season, so naturally criminals are using that to hook people.

 

I have seen so many 'Get a free iPad by filling out a survey' ads already," said Jones. "Kinect (for the gaming system Xbox 360) is the other one."

 

But usually these offers are just a ploy to get you to a site where you are typically asked for credit card numbers 'to cover a small shipping charge' or other sensitive information in order to receive the prize. Your credit information is used by the con artist for nefarious purposes, and you get nothing. Stay away from these kinds of offers, said Jones.

 

"Apple is not going to give out a free iPad. They are not going to authorize anyone to give out a free iPad."

 

Researchers at McAfee Labs also found this ruse running rampant on Facebook and Twitter.

 

"In the social media version of the scam, users take a quiz to win a free iPad and must supply their cell phone number to receive the results. In actuality they are signed up for a cell phone scam that costs $10 a week. "

 

Holiday Scam 2: Fake Gift Cards

 

"There seems to be a big-affiliate scam going around of free gift cards," noted Jones.

 

But these gift card offers are really just an identity theft gimmick in disguise with the goal of stealing your information to sell if off for profit. Avoid them. Retailers are not giving out free gift cards just because you fill out a survey.

 

McAfee researchers said "One recent Facebook scam offered a 'free $1,000 Best Buy gift card' to the first 20,000 people who signed up for a Best Buy fan page, which was a look-a-like. To apply for the gift card they had to provide personal information and take a series of quizzes. "

 

Holiday Scam 3: Stripped Gift Cards

 

Gift cards have become a common go-to present for many folks. But now criminals have figured out a way to render them worthless, according to Tom Browning, vice president of corporate compliance and Chief Security Officer with AlliedBarton.

 

"With the gift cards, the mission is to sell, sell, sell," said Bornwing. "So they are displayed in places that are easily accessible to people. You'll often see these things right on a front counter or in a display rack in a grocery store."

 

But their accessibility also makes it easy for criminals to take advantage. Browning said many use a scanner that can be purchased cheaply to read the code behind the magnetic or scratch-off strip on the back of the card. With that, and the card number on the front, they can steal the value of the card. This leaves the buyer who purchased the card legally with a worthless piece of plastic.

 

Even if a card isn't preloaded, a thief can steal the card number and security code and call the 800 number shown on the card every few days to check the balance. Once a shopper purchases the card and loads it with a dollar amount, the thief can spend it before the purchaser does, said Browning.

 

Browning advises trying to safeguard any gift cards you purchase by buying them from stores which keep them behind a register. He also recommends checking with the cashier when purchasing the card to ensure there is a valid balance before you leave the store. And look over the card yourself, he said. Does it have creases or markings? Is the strip on the back in perfect condition? If the card looks at all suspicious, pass it up.

 

"I wouldn't say don't purchase any gift card," said Browning. "They make a great gift alternative. But the chance that they have been tampered with when they are out in a place accessible to everyone is high. Hold yourself accountable by taking the proper precautions before you buy." (Also see Facebook sues over free gift card, dislike button scams.

 

Holiday Scam 4: "You're Preapproved for This Credit Card!"

 

In tough times, consumers may be particularly vulnerable to this one since credit is difficult to obtain for folks without a job or with bad credit. But these credit offers are often advance credit schemes, according to McAfee Labs. Such offers arrive in the form of spam emails advertising prequalified, low-interest loans and credit cards if the recipient pays a processing fee--which then goes directly into the scammer's pocket.

 

Holiday Scam 5: Bad E-Cards

 

Malware-laden e-cards are a "holiday tradition in and of itself now," said Jones. She traces it back several years, but recalls a really bad year in 2007. "They (malware authors) were sending out variants for a botnet called 'Dorf' that year," she said "We made a lot of jokes about Santa and his Dorfs."

 

But it's not very funny when you receive what looks like an e-greeting from a friend and instead end up with a computer infection. Unfortunately, said Jones, it is best just to avoid opening it unless you can get absolute confirmation from the card's supposed source.

 

"It's gotten to the point where it's so easy to spoof Hallmark.com that you really do need to exercise caution. I would email the friend and ask 'Did you actually send me this?' just as you would with any unexpected attachment from a friend."

 

Holiday Scam 6: Bad Links to Holiday Sales, Job Offers, etc.

 

Links to opportunities for job offers abound on Twitter. Cash-strapped users looking for some help with income this holiday season may find the offers too good to ignore. But McAfee researchers say most are scams that serve up dangerous links that ask for your personal information, such as your email address, home address and Social Security number to apply for the fake job.

 

And holiday sales, while common and often legitimate, are also easy ways to send bad links, said Jones.

 

"Make sure you check shortened links before you click on them," she advised. "Bitly, for example, offers a service to preview where the link is going if you add a plus sign to the end of the link you're questioning."

 

Holiday Scam 7: Fake Charities

 

Some estimates put the number of fake profiles on Facebook at as high as 40 percent. And it isn't just individual profiles that are created fraudulently. Fake business pages are also a problem on the social network site. And fake charity pages are a holiday-season hazard as generous givers look for a place to put their donation.

 

If you want to ensure you are donating to the legitimate charity, seek out the organization's site directly, said Jones. And ignore all email solicitations for donations, as well as the links the messages may contain.

 

"Charities typically do not randomly sell emails looking for donations," said Jones. "Most still prefer snail mail." ".

 

Another site I'd recommend on is safeshopping.org  which is published by the American Bar Ass'n. It has some very good tips for safe shopping and a complaints option.

 

I used the above as is, because it's so important to me that you all be safe during this season of joy. I hope this prevents unnecessary pain and loss during these hard times, and helps protect you, my WinCustomize family from harm.

 


Comments (Page 2)
3 Pages1 2 3 
on Dec 20, 2010

Doc, we differ on our favorites, but not by much.  I prefer PC Magazine.  PC World seems geared more for the novice than the experienced, as I found it lacks depth.  But otherwise is informative.

Great Tips!  And Happy Hanukkah!

on Dec 20, 2010

Welcome, Bonzette.

How be the Cap'n? I miss the old reprobate.

 

Dr Guy
Doc, we differ on our favorites, but not by much.  I prefer PC Magazine.  PC World seems geared more for the novice than the experienced, as I found it lacks depth.  But otherwise is informative.

Great Tips!  And Happy Hanukkah!

Love PCMag also, mate. And thanks for the wishes...best of holidays to you as well!

on Dec 20, 2010

Hi Doc,

Thanks for the well wishes.  The really sneaky thing about the "Nigerian scam migrated to marriage sites" is that they are using real names of real people.  They take names of professionals (from linked in - or other professional sites), and masquerade  as that person on the marriage / dating site.  Seems this is a variation on  the 'pretending to be from a reputable company' scam directed at the heart.

Direct contact only happens when they "move' oversea.  Guess it protects them from USA laws.

The price we pay, for an open society.

Again, thanks for the well wishes.

 

on Dec 20, 2010

Hiya, ElanaAhova... Yet another reason to be as private as possible, or alternatively not to believe in the tooth fairy. If it looks too good to be true, it generally is. Also, If one has never met the person face to face, the answer to "Oh, my son needs a vital, lifesaving operation." is, "Good luck. So sorry about your son." and then block the person.

on Dec 20, 2010

+1 karma.  Thanks for the info.  I just bought a boatload of prepaid Visa cards to give out and only checked to see if the tear off strip behind the packaging was in tact.  I found one with the number exposed and didn't get that one.

I wasn't aware of any scanners that could read through the packaging.  I hope these all work, but I'll warn the recipients to use them right away and I'll keep the receipts until they're used.  I hope Walmart will replace any that might have been scanned. 

 

on Dec 20, 2010

on Dec 20, 2010

Also, If one has never met the person face to face, the answer to "Oh, my son needs a vital, lifesaving operation." is, "Good luck. So sorry about your son." and then block the person.
Lifesaving foot surgery? Yeah, I guess its possible, but of all the body parts they could have used...

on Dec 20, 2010

Lifesaving foot surgery? Yeah, I guess its possible, but of all the body parts they could have used...

You can answer, "My foot!". Then duck.

on Dec 20, 2010

Lifesaving foot surgery? Yeah, I guess its possible, but of all the body parts they could have used...


You can answer, "My foot!". Then duck.

 

 

I thought something smelled 'funny.'

on Dec 20, 2010

Put a sock on it.

on Dec 20, 2010

Even if it is from some one you know ask that person if they sent it to you. Always better safe than sorry.

It's annoying when they tap these accounts. I have to change my wife's password weekly because they always seem to tap her account and then I and several friends get "awesome" deals on drugs from Canada and what not.

on Dec 20, 2010

^ are you referring perchance to Live.com/hotmail?

 

on Dec 21, 2010

It's annoying when they tap these accounts. I have to change my wife's password weekly because they always seem to tap her account and then I and several friends get "awesome" deals on drugs from Canada and what not.

If it is occurring weekly, your wife's account is probably not being hacked, but spoofed!  Indeed, your wife's account is probably the most secure of anyone's on this board with weekly password changes (unless you are using easy passwords)!  But spoofing is easy and is done when a friend of your wife's account is hacked.

on Dec 21, 2010

^ I agree! Good diagnosis.

on Dec 21, 2010

Will have to look into it thx

and its a Yahoo account, I have the hotmail one and it occurred only once to me

3 Pages1 2 3