Tis’ the Season for Online Shopping and Holiday E-Threats

Every day a new breed of e-threats enters the mainstream and infects thousands of home users, and this is especially true during the high traffic online holiday shopping season. With this in mind, here are some Internet security tips that will help protect consumers.

Holiday shoppers have already seen the usual crop of e-threats — many that we’ve seen before, such as a worm that spreads through filesharing and spams itself to addresses it harvests from a victim’s address books. This worm uses holiday e-mail subject lines such as “Coca Cola is proud to announce our new Christmas promotion.” Still others include deceptive — albeit ironic — file names for file-sharers to latch on, like “CleanMyPC Registry Cleaner v6.02.exe”. This worm can copy a range of personal information, including the credit card information its unknowing victims type into Web forms.

This is not the only kind of threat online shoppers are exposed to at this time of year — phishing attempts and Christmas-themed scam spam are also highly prevalent. Scammers are riding the wave of good cheer and taking advantage of online shoppers who may not know how to protect themselves. But protecting oneself is simpler than one might think — it just involves being prepared and taking a closer look at your online activity.

Using powerful and effective antivirus software is always an important first step in staying safe. There are many to choose from, and the key is to try to use software that blocks more than just the known viruses. The most effective antivirus programs can find viruses that have not been “fingerprinted” or signed yet, through a combination of technologies from the field of artificial intelligence and educated guesswork.

Backing up an antivirus solution with antispam software should take care of those Nigerian gentlemen wishing to propose deals, as well as those obnoxious Canadian pharmacy spams advertising diet pills. Make sure to choose antivirus software that has a good record of differentiating legitimate emails from spam.

A good anti-phishing solution is also important — not just during the holidays, but throughout the year. An effective anti-phishing solution should be able to tell the difference between the movement of money from your checking account to your credit card account and when a Russian phishers is attempting to access your account. The most effective anti-phishing solutions do not rely on lists of known phishing websites exclusively, instead employing smarter techniques that will notice if the site you are visiting looks a bit too much like your bank’s site.

Finally, anti-spyware and anti-rootkit protection should guard against attempts to steal passwords and the use of your computer for other, more nefarious purposes. You will still be able to use your computer for entertainment, but without the fear of your e-mail account being hijacked and used to send Viagra ads instead of greeting cards.

Making sure you have the correct software is just the beginning to protecting yourself this holiday season. It’s also necessary to change the way you behave online. Consider changing your usual habits and actually read the alert windows that ask you about “digital certificates” while browsing online. If a website displays the lock icon, but its certificate is signed by Puss-in-Boots instead of Verisign, that is a good sign it’s not the novelty candle shop you were looking for.

Another good idea is to type in the address of your bank’s website by hand, instead of following links to it (yes, even from Google ads). And you should never type your card pin, no matter how nicely the cute elf asks. Of course, some security solutions come with extensions that watch for that kind of mistakes and block the sensitive information from ever leaving the computer.

Another good rule of thumb is to steer away (within reason) from e-mails from long-lost friends that link to greetings, e-cards and other goodies. These e-mails are usually not what you think and could spell trouble for your computer.

It is also important to avoid installing new services and applications which are not immediately needed, such as file transfer and file sharing servers, remote desktop servers, new codecs or media players — especially if they do not belong to a trusty company or site. Such programs are potential hazards, and should not be installed if not absolutely necessary.

Also, do not copy any file if you do not know or do not trust its source. Check the source (provenance) of files you download and make sure that an antivirus program has already verified the files before opening them. Hitting the file-sharing networks for fresh mp3 Christmas carols (the un-copyrighted kind, of course) is a good way of ending up with fresh computer viruses if you are not careful.

But let’s not end this list on a down note. It’s Christmas. Go out and buy that laptop for the kids, the desktop computer for Mom or the gaming PC for junior. We’ll all be safe — as long as we use a little common sense.

Vince Hwang is the global director of product management for BitDefender. He oversees all product and technology development strategies. He brings with him over a decade of strategic, operational, and product management experience that span across multiple technology domains.