Bach Seat

Before logging on from a PC, Mac, or mobile device for the last-minute holiday online shopping madness, consumers should look out for these 12 Scams of Christmas identified by anti-malware firm McAfee:

1. Mobile Malware—A National Retail Federation (NRF) survey found that 52.6% of U.S. consumers who own a smartphone will use it for holiday shopping. Malware targeting mobile devices is rising, and Google’s (GOOG) Android smartphones are most at risk. McAfee cites a 76% increase in Android malware in the second quarter of 2011, making it the most targeted smartphone platform.

New malware has recently been found that targets QR codes, a digital bar code that consumers might scan with their smartphone to find good deals or to learn about products they want to buy.

2. Malicious Mobile Applications—These are mobile apps designed to steal information from smartphones or send expensive text messages without a user’s consent. Dangerous apps are usually offered for free and masquerade as fun applications, such as games. Last year, 4.6 million Android smartphone users downloaded a wallpaper app that collected and transmitted user data to a site in China.

3. Phony Facebook Promotions and Contests—Who doesn’t want free stuff? Unfortunately, cyber scammers know that “free” things are attractive lures, and they have sprinkled Facebook with phony promotions and contests to gather personal information. A recent scam advertised two free airline tickets but required participants to complete multiple surveys requesting personal information.

4. Scareware, or Fake Antivirus software—Scareware is fake antivirus software that tricks people into believing that their computer is at risk or already infected, so they agree to download and pay for phony software. This is one of the most common and dangerous Internet threats today, victimizing one million victims each day. In 2010, McAfee reported that scareware represented 23% of all dangerous Internet links, which has been resurgent recently.

5. Holiday Screen savers—Bringing holiday cheer to your home or work PC sounds like a fun idea to get into the holiday spirit, but be careful. A recent search for a Santa screen saver that promises to let you “fly with Santa in 3D” was malicious. Holiday-themed ringtones and e-cards have also been known to be malicious.

6. Mac Malware – Until recently, Mac users felt insulated from online security threats since most were targeted at PCs. However, with the growing popularity of Apple (AAPL) products, cybercriminals have designed a new wave of malware directed squarely at Mac users. According to McAfee Labs, as of late 2010, there were 5,000 pieces of malware targeting Macs, and this number is increasing by 10 percent each month.

7. Holiday Phishing Scams—Phishing is tricking consumers into revealing information or performing actions they wouldn’t normally do online using phony emails or social media posts. Cyber scammers know that most people are busy around the holidays, so they tailor their emails and social messages with holiday themes to trick recipients into revealing personal information.

• This is a fake notice from UPS (UPS) saying you have a package and need to complete an attached form. The form asks for personal or financial details to complete the delivery, and it sends that information straight into the hands of cyber scammers.

• Banking phishing scams continue to be popular, and the holiday season means consumers will spend more money and check bank balances more often. From July to September of this year, McAfee Labs identified about 2,700 phishing URLs per day.

• Smishing –SMS phishing remains a concern. Scammers send fake messages via text alert to a phone, notifying an unsuspecting consumer that his bank account has been compromised. The cybercriminals then direct the consumer to call a phone number to get it reactivated and collect the user’s personal information, including his Social Security number, address, and account details.

8. Online Coupon Scams—An estimated 63 percent of shoppers search for coupons when they buy something online. October 2011 NRF data shows that 17.3 percent of smartphone users and 21.5 percent of tablet consumers use mobile devices to redeem those coupons. But watch out because scammers know that offering an irresistible online coupon can get people to hand over some of their personal information.

9. Mystery Shopper Scams—Mystery shoppers are hired to shop in a store and report back on the customer service. Scammers use this fun job to lure people into revealing personal and financial information. There have been reports of scammers sending text messages to victims, offering to pay them $50 an hour to be mystery shoppers and instructing them to call a number if they are interested. Once the victim calls, they are asked for personal information, including credit card and bank account numbers.

10. Hotel “Wrong Transaction” Malware Emails – Many people travel over the holidays, so it is no surprise that scammers have designed travel-related scams to get users to click on dangerous emails. In one example, a scammer sent out emails that appeared to be from a hotel, claiming that a “wrong transaction” had been discovered on the recipient’s credit card. It then asked them to fill out an attached refund form. Once opened, the attachment downloads malware onto their machine.

11. “It” Gift Scams—Hot holiday gifts sell out early in the season every year. Not only do sellers mark up the price of the must-have toy, but scammers also start advertising them on rogue websites and social networks, even if they don’t have them. So, consumers could wind up paying for an item and giving away credit card details only to receive nothing in return. Once the scammers have the personal financial information, there is little recourse.

12. “I’m away from home” Scammers – Posting information about a vacation on social networking sites could be dangerous. If someone is connected with people they don’t know on Facebook or other social networking sites, they could see their post and decide it may be a good time to rob them. Furthermore, a quick online search can quickly turn up their home address.

How to Protect Yourself

• Only download mobile apps from official app stores, such as iTunes and the Android Market, and read user reviews before downloading them.
• Be extra vigilant when reviewing and responding to emails.
• Watch out for too-good-to-be-true offers on social networks. Never agree to share your personal information to take part in a promotion.
• Don’t accept requests on social networks from anyone you don’t know in real life. Wait to post pictures and comments about your vacation until you’ve already returned home.

Related articles

Mobile Threats Top Holiday Scam List (pcworld.com)

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.