Protecting Yourself in the Season of Computer Infections
Holiday-gift shopping online can make you a phishing or malware victim
Although holiday shopping online has its perks (no crowds, no packages to lug, ordering in your pajamas), it does have one big drawback: the potential for computer infections.
Enigma Software Group (ESG), makers of the anti-malware software SpyHunter, believes computer infections could as much as double throughout the holiday online shopping season. And, ESG’s research shows, computer malware infections increased by roughly 124 percent between Black Friday and Cyber Monday.
Why Computer Infections Spread Around the Holidays
“Anytime there are more people online, there’s a greater risk that people are somehow going to come across an infection,” says Ryan Gerding, spokesperson for ESG. Also, at this time of year, Gerding says, “the ‘bad guys’ know there are more people who are engaging in online shopping activity and they know that those people might be more susceptible to clicking on a link that’s coming from a retailer about an online purchase.”
Adds Alan Brill, a senior managing director at the investigations and risk consulting firm Kroll: “The criminals are not only experts at abusing computers, but they are also masters of psychology and are good at talking people into giving up information that should be held in confidence.”
Some people shopping online for holiday gifts don’t make many cyber purchases the rest of the year, so they not know how to protect themselves against computer infections, notes Gerding.
The Phishing and Malware Scams to Avoid
Phishing is one of the most common ways to get a computer infection. It’s an email trying to make you believe your computer was hacked when it actually wasn’t, in an attempt to get you to click on an email link. Once you click, the phishing scammer can steal your personal information.
“For example, you might get an email that looks like it’s from eBay or Amazon that says, ‘Here’s a receipt for your recent transaction,’” says Gerding. “But you didn’t actually buy the bag of coffee or the tickets to a cruise that are listed in the email.” So you follow the instructions in the email, saying: Click here to cancel the transaction. “But instead of canceling a transaction that didn’t actually happen, that link will either take you to a direct download of malware on your computer or it will take you to a website that looks like the retailer and ask you to enter your login and password. [If you do] then they’ve got it, and your account has been hacked,” Gerding says.
Essentially, you’re made to think there’s a problem when there isn’t one. Then, when you click on the link, Gerding says, “that’s when the trouble happens.”
Computer thieves have gotten savvy in recent years and their phishing emails now look much more realistic. ESG has a few actual examples here.
Brill offers a warning about another form of email phishing —when you get an email that seems to come from a reputable store giving you a great deal. “You think you’re buying it, but you are really only passing your debit or credit card information along to a criminal who will exploit it,” Brill says.
To avoid a phishing scam, before you buy anything online, look at the website address bar to see if it’s for real.
“I saw one yesterday that seemed to come from a legitimate department store, but when you clicked through, the website was actually registered in Pakistan,” says Brill. “The site looked great — they stole graphics from the real website and the price for the item was remarkably low. But it was a complete scam.”
Gerding’s anti-phishing tip: If if you get an email from a retailer, but didn’t make the purchase it mentions, “don’t click on anything in that email.”
To ensure that someone else didn’t make that purchase in your name, go directly to the retailer’s site through your web browser and check your past purchases there. If you bought the item, it will show up. If a criminal stole your credit card information and made a purchase, that will show up, too.
Online shoppers also need to be aware of malware — aggravating, malicious software that can enable tons of pop-up ads to show up or do much, much worse. “Other forms of malware can plant back doors in your computer to enable a criminal to control your machine remotely,” says Brill. “Some install programs that can read every keystroke you make and send the information to the criminal. They can find out how you contact your banks and see your user ID and password.”
4 Ways to Avoid Computer Infections
Gerding and Brill suggest four more ways to avoid computer infections:
1. Back up your computer. Have your computer data backed up on an external hard drive, a cloud-based service or both. That way, if you get a computer infection, you won’t lose anything. Make sure your computer backs up automatically on a regular basis.
2. Don’t open unfamiliar emails. If by chance you do, don’t click on any links.
3. Keep your computer’s operating system up-to-date. “The operating system is one of the first lines of defense against some malware infections, and if it’s up-to-date, it can block many of them from automatically installing,” says Gerding.
4. Install anti-malware software. A few good ones are from McAfee (LiveSafe; $44.99 for a year); Norton (Security Deluxe; $49.99 for a year); Kaspersky (Internet Security; $31.99 for a year) and SpyHunter ($39.9 for a six-month subscription.)
“Whatever one you choose, make sure it is set to scan and update automatically. The updates go out as new forms of malware and infections are discovered,” says Gerding. “It’s like an arms race between the malware makers and the companies that are trying to protect consumers.”