Hackers Poised for Black Friday Assault

Consumers should watch out for e-mails advertising incredible deals that seem too good to be true.

By Jon Brodkin on Tue, November 20, 2007
Tweet it!
Email
Digg
Share this article
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Network World — You know retailers are ready for Black Friday -- but so are hackers poised to launch a slew of Web-based attacks against consumers. Your money and personal information could be at risk.

"The holiday season in general is a huge time for hackers ... [and] Black Friday is typically the start," says Paul Henry, vice president of strategic accounts for Secure Computing. "This year, my biggest concern for consumers is all the Web-borne malware out there."

Black Friday, the day after Thanksgiving, is followed in marketing lingo by Cyber Monday. Both are big days for retailers and online fraudsters. Consumers should watch out for e-mails advertising incredible deals that seem too good to be true.

"Freebies may be freebies in the sense that you get free malware," says Jamz Yaneza, a senior threat researcher at Trend Micro.

A common scam is to pick the hot toy of the season and send out a spam e-mail blast offering it for much less than the typical price, Henry says. Victims end up entering credit card information on malicious sites designed to look like well-known, trusted ones. They might also unknowingly download a keylogger that can steal personal information people type in when making any kind of Internet transaction.

"Be leery of sites being advertised [in e-mail that might be spam]. In all likelihood you're being directed to a malware-connected site," Henry says. "Do not click on URLs within e-mails even for well-known public sites."

In an HTML e-mail, it's a trivial task for hackers to hide the real URL a victim is clicking on.

"It might say 'ebay.com,' but you're actually clicking on something entirely different," Henry says.

Online fraudsters have been busy this year. Fraud losses related to U.S. e-commerce will top $3.6 billion in 2007, up 20% from last year, according to a report by the vendor CyberSource this month. The increase in dollar loss is due mostly to growing e-commerce sales, as the percentage of transactions that are fraudulent has held steady.

The run-up to Christmas and tax filing season are the two most dangerous times of the year for online shoppers, Yaneza says.

In addition to being wary of e-mails, be careful when searching for holiday deals or specific products on Google and other search engines. Operators of malicious sites have figured out ways to rise to the top of search listings.

"We've seen instances where the top site that is ranked actually gets there by gaming the Google search algorithm," Yaneza says.

Continue Reading

Black Friday

Get up to speed on mobile security.

Learn More »
Loading...
Most Recent Security Stories
The path to creating a secure application begins by rigorously testing source code for all vulnerabilities and ensuring that use of the application does not compromise or allow others to compromise data privacy and integrity.
The reasons for outsourcing application development are many and varied. Outsourcing can be a cost effective and efficient solution to the demand for new and specialized applications in todays Internet-based marketplace. It is absolutely critical, however, that the team responsible for evaluating the outsourced application makes security one of its principal criteria prior to acceptance of each release.
The path to creating a secure application begins by rigorously testing source code for all vulnerabilities and ensuring that use of the application does not compromise or allow others to compromise data privacy and integrity.
Enterprises understand the importance of securing web applications to protect critical corporate and customer data. What many dont understand, is how to implement a robust process for integrating security and risk management throughout the web application software development lifecycle.
Watch an online demo of iPrism and you'll get a $20 Amazon gift card as our way of saying thanks.
Online fraud is a non-stop threat to organizations around the globe, and cybercriminals have no intention of slowing down the pace. Also, global are likely to have an impact on the evolution of cybercrime. Read this special online fraud report for information about the latest online fraud trends and what to expect and prepare for in the future.
Key IT Security & Authentication Concerns for 2010
Data protection is a bigger challenger for small and midsize businesses. You need to protect sensitive data, but la...
Privacy and Data Protection Practices
Moderated by CSO Publisher, Bob Bragdon, hear from this esteemed panel as they share practical approaches to simpli...
Avoid common pitfalls and learn strategies for ensuring a successful PCI audit from information security and compli...
Protecting critical data is now the imperative at most every organization. As more and more laws are passed and reg...
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Sponsored Links

Simplifying Risk Management: Is Your Company Measuring Up?

Attend Microsoft's Windows 7 Virutal Event for a change to win a Microsoft Zune HD. Register Now!

Ready to create safe, business class social networking tools? View Now

Let Progress Software help your business make progress.

Register for more Windows Enterprise Webcasts today.

Entrust IdentityGuard  Strong Authentication for your Enterprise

Supercharge Your End Users with Desktop Virtualization

Take the Netezza TwinFin TestDrive!

Best Practices to Reduce IT Operational Costs

Maximizing efficiencies with unified communications.

Taking the Service Desk to the Next Level

Getting ready to upgrade to Windows 7? Attend Microsoft's Virtual Event on 4/22 for all the tools you'll need. Register Now!

Read report on how to improve decision making with business analytics.

Dynamic Virtual Client: Whats in store for client technology going forward?

The ISP that focuses exclusively on information security? SecureWorks.

Does your IDS really work? Find out with a free Endace Audit

CA ARCserve r12.5 is More Than Backup! Download Trial Version Today

Enterprise search helps employees get more done. Get the facts from Google.

Real-world testing ranks Trend Micro #1 against malware. See results.

Dark Fiber from Sunesys Save on Unlimited Bandwidth with Fixed Costs.

Trend Micro ranked #1 against real-world malware. Read more.

How Healthcare CIOs Achieve a High-Performance Emergency Department

Webcast: Solve Your Data Visualization Needs with Open Source BI

Webcast: Delivering the Enterprise-Ready Cloud

Ensure cost effective application delivery. Learn More.

Trend Micro ranked #1 against real-world malware. Read more.

March 31st Webcast: "Product Development and the Cross-Functional Team"

Get to know Supermicro. Business-optimized server solutions.

Google Webinar: Why Cloud-Based Security and Archiving Make Sense

HP pays back. Trade in your old printer and get up to $1000

Counting Up the End User Benefits of Desktop Virtualization

Build a smart, practical path to the internal cloud.

Verint Systems. Discover the Power of Intelligence in Action"

Efficiency goes up. Costs come down.

Achieving Business Agility with Application Grid

Seven Ways ITIL Can Help You in an Economic Downturn

Midsized company CIOs and experts connect at infoBOOM!

Core" i5 vPro" Processor: Control meets cost savings in the most intelligent PC processors ever!

Article: The Dynamic Virtual Client offers thin client advantages with rich client user experience & mobility.

Manage limitless content todayread EMCs 15-minute guide to ECM.

HP Exstream. Get a Free Document Assessment for Financial Services.

Webinar: Jump-start your in-house e-discovery with Ringtail QuickCull from FTI Technology

See why ShoreTel is named best overall VoIP provider by Nemertes Research

Turn your desk phone and mobile phone into one with Sprint Mobile Integration.

Stay informed with custom newsletters from Tech Dispenser

Get ready for your Windows 7 upgrade at this live, virtual event. Register Now!

Selecting the Right Reporting Technology

An IT Leadership Action Plan for the Economic Recovery

Consolidate data centers and lower IT service costs. Learn How.

WAN optimization techniques significantly improve application performance. Read More.

Resource Center