|Sophos warns that users dazzled by the Christmas lights may be blind to online risks.|
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned online shoppers to be careful as they scramble to buy last minute gifts for the holiday season.
Hoping to take advantage of the rush, spammers and scammers are working overtime to trick the unwary and unguarded with old and new schemes. Pushing shoddy merchandise and deception, cybercrime runs rampant during the holidays.
"Lurking behind that offer for a faux Rolex or Louis Vuitton knockoff may be a more sinister transaction that goes well beyond the usual con," said Graham Cluley, senior technology consultant at Sophos. "Frantic buyers, in an effort to save time and money by shopping online, may also be inviting criminals onto computers, opening up the possibility of credit card fraud and identity theft."
A poll conducted by Sophos* has revealed that security fears have made 69% of shoppers more cautious about purchasing goods online.
"People want to buy online because of the variety of goods on offer, and the convenience of surfing to an online store rather than fitting in a real-life visit during a busy day," continued Cluley. "However, consumers also worry about exposing themselves to the very real threat of hacker attack."
Sophos, whilst reminding users that they should be aware of computer security threats all year round, offers a list of simple tips to help keep the holiday season joyful and ensure consumers stay safe online:
Beware of people selling merchandise via unsolicited email.
Spammers take advantage of the holidays, so expect more email with offers for Rolex watches and other luxury watches (in late 2004 these offers rose by more than 300%).
Don't be fooled by holiday email.
Virus and Trojan horse writers often use holiday themed "e-cards" and other tricks to attack unsuspecting users. For instance, the prevalent Zafi-D worm spreads as an attachment in an email message wishing "Happy Hollydays".
Be on the alert for phishing scams.
During the shopping season money and credit are on the minds of many consumers, but giving out confidential information is a no-no, no matter how real the request looks.
Think before you click.
Be wary of clicking on links contained inside HTML emails because they may direct you to a different website entirely, set up by the hackers.
Make sure your anti-virus, anti-spyware, anti-spam and firewall software are up to date, and that your browser and operating system include the latest patches and fixes. More viruses, worms and Trojan horses were seen last month than any previous month in history so it's more important than ever to run the latest protection.
Don't try, don't buy, don't reply.
No matter how tempting or authentic an email may seem, unless you are 100% certain it is legitimate, delete it. If an offer seems too good to be true, it probably is.
Consumers should continue to step up their vigilance in 2006 by only giving their personally identifiable information (PII) - for instance, Social Security Number, name and address or phone number, bank account, credit card number, email, etc - to trusted parties, and they should shred all discarded documents containing PII.
* Sophos web poll. 510 respondents, November 2005.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.