Friday, December 01, 2006
Chicago Tribune (MCT)
CHICAGO — 'Tis the season to start receiving greeting cards, and a growing number of them, conveniently, will come via the Internet.
There's only one problem: Some of the e-mails saying that you have an e-greeting card from a friend or family member may instead be from a scam artist intent on obtaining your Social Security number, credit card data or even brokerage account information.
"People like receiving greeting cards this time of year, and they are likely to click on these greetings" if they are in their e-mail inbox, said Stu Elefant, senior product manager for McAfee Inc., an Internet security firm that markets products that detect unsafe Web sites or e-mail. "There is more cybercrime because people's defenses are down. They are in a more trusting mood, thanks to the holidays, and they are looking online for bargains."
That is an irresistible mix for increasingly clever cybercrooks as they realize more people than ever will shop online this holiday season, as well as seek to save postage — and time — by e-mailing holiday greeting cards.
Online shopping is already off to a fast start.
This year's sales are up 23 percent, to about $8.31 billion, compared to a year ago, said Gian Fulgoni, the Chicago-based chairman of ComScore Networks Inc., which tracks Web activity. Those figures are from Nov. 1-24.
Holiday cybershopping will steadily increase over the next few weeks.
Overall, Fulgoni estimates that $24 billion will be spent online this year during November and December, which should account for about 7 percent of all retail activity.
"That's probably up a full percentage point over last year," he said.
Indeed, more people than ever are comfortable shopping online these days, with 91 percent of adults saying they use the Web to shop, according to a survey released Friday from Harris Interactive and Check Point Software Technologies.
But as more people turn to the Internet for at least some of their holiday purchases — or simply for comparison shopping — more crooks, too, are tracking their movements.
The average loss per "phishing" scam grew from $257 in 2005 to $1,244 in 2006, according to a November report from Internet research firm Gartner Inc. Losses stemming from such attacks reached more than $2.8 billion this year, Gartner found.
In Australia, a scam was uncovered in late October by Exploit Prevention Labs that was perpetrated through e-greeting cards. According to a TechNewsWorld story, accounts at nearly every Australian bank were affected when a major cybercrime group used fake Yahoo greeting cards to infect computers with malicious software that tracked keystrokes on PCs. This so-called "keylogger" software was used to steal credit card numbers, bank account user names and passwords.
Researchers with Exploit Prevention Labs added that the e-card spammers were also targeting computer users in North America, according to TechNewsWorld.
Indeed, since early fall, numerous computer users across the U.S. have noted a marked increase in e-card-based spam e-mail. The subject line typically reads, "You've received a greeting from a family member" or "You've received an animated postcard."
The text inside these "phishing" e-mail messages asks people to "click here" to see the card. Phishing scams are an attempt to trick people into revealing personal information. If they click on these links, they could unwittingly be downloading software that could be used to separate users from their hard-earned holiday bonuses.
Elefant warns people to exercise extreme caution when e-greeting cards enter their inboxes and to open messages only from people they know. If you have any doubt, he warned, don't open the message.
The number of e-greetings sent this time of year typically doubles compared with the rest of the year. In October, for instance, visits to sites managed by American Greetings, where there are e-cards for holidays or birthdays, increased 66 percent over September, according to ComScore figures. That was the second-highest traffic increase for any Web site in October, ComScore reported.
Crooks are exploiting what security professionals like to call "social engineering," Elefant said. Because humans are social beings, they're more likely to open an e-mail they think is from a friend or family member than something unfamiliar.
"Social engineering is more prevalent this time of year because people want to click on an Internet greeting card or get a better deal at a store online. So it's more prevalent this time of year, and this year it's more prevalent than anytime it's ever been."
People also are helping the crooks more than before.
The growth of social networking sites like Facebook, MySpace and even YouTube is helping cybercriminals target computer users.
"There's more personal information about people online at these sites," Elefant said. At YouTube, for instance, many people who post videos also include a picture of themselves along with other personal information, such as an e-mail address.
A crook may then send a message to that user and write, "Hey, I saw your video at YouTube about skateboarding. If you want a new skateboard, come check out the deals at my site."
Elefant said this is a common technique used by sexual predators but increasingly is being used for financial scams.
Another reason for the online crime wave, according to the Harris survey, is that few people adequately secure their computers. The survey found that 74 percent of people do not install a hardware firewall and 53 percent don't use a software firewall. Only 22 percent have installed a proper suite of security software, according to the survey.
HOW TO AVOID ONLINE SCAMS
—Purchase items through well-known retailers you can contact via phone if necessary.
—Check for a little yellow lock at the bottom right corner of your browser window when making a purchase. This indicates a secure transaction.
—Check bank and credit card statements frequently for suspicious transactions.
—Never give out personal financial information in response to an e-mail, including charity donations. Contact a charity directly on how to make an online donation.
—Do not click on links to Web sites embedded in e-mails. These links can direct a user to a phony e-commerce site that looks like a legitimate site.
—Use a separate e-mail account for online shopping. You can get free e-mail accounts through Google, Microsoft and Yahoo.
—Make sure your security software is up to date. If you use Wi-Fi, make sure your wireless network is secure.
—If you think you are the victim of a "phishing" scam or online identity theft, go to the Federal Trade Commission's help site at www.consumer.gov/idtheft.
SOURCES: ZoneAlarm, McAfee
(c) 2006, Chicago Tribune.
Distributed by McClatchy-Tribune Information Services.