The term "Cyber Monday" entered the lexicon as the Internet's answer to "Black Friday," the day after Thanksgiving and the traditional kick-off of the holiday shopping season.
On Cyber Monday, Americans return to work after the Thanksgiving holiday. Still nursing a tryptophan hangover, they hunker down at their office computers and start their holiday shopping -- gobbling up company time in the process.
Throughout this holiday season, experts are predicting that more people than ever will duck the malls and shop with their computers. But the comfort and ease that make online shopping so appealing have a dark side.
But like moths to a flame, spammers, phishers and all manner of other cyber criminals rush to the Internet during the holiday shopping season to prey on unsuspecting shoppers.
"The bad news is that criminals are not going away," Tim McDowd of Microsoft's Trustworthy Computing Group, told InternetNews.com. "The good news is that there are things you can do to protect your PC," as well as commonsense practices to guard against online criminals.
Cyber criminals are adopting the tactics of legitimate retailers as they try to trick consumers. More online retailers are offering free shipping and other promotions to draw shoppers to their sites. A recent study from Microsoft and Harris Interactive found that "63 percent of online shoppers would open an e-mail or click on a link from an unknown retailer during the holiday season if it offered free shipping, and 59 percent would do so for special discounts."
The same study found that slightly more than one-quarter of online adult Internet users has fallen prey to a scam while shopping online. Given that scammers are getting better at passing themselves off as legitimate merchants, how can consumers tell who's for real and who's bogus?
Fortunately, there are things online shoppers can do to make their holiday experiences safer.
- Too good to be true? "The very key thing: If an offer looks too good to be true, it probably is," McDowd said. These e-mails are often phishing scams, where the link connects to a site that downloads some type of malicious software onto the computer without the user knowing.
- Look for professionalism
- Check for signs of encryption
- It's cyberspace, not outer space Earth rules apply
- Consider the sender
In the site's URL, look for "shttp" or "https," which indicates that the purchase is secured or encrypted. Encryption scrambles your credit-card number and other data that you submit to guard against a hacker intercepting it en route. The closed padlock in the browser's status bar is also a sign of encryption.
McDowd warns that online criminals are becoming more sophisticated, increasingly including logos and other graphics in their e-mails that convince recipients that the sender is legitimate.
However, no legitimate organization will ask consumers to update their information online, he said. Just as you wouldn't give out your Social Security number to someone who calls your house claiming to be from a credit bureau, don't respond to e-mails asking for personal or account information.
One cunning scam that McDowd said is on the rise involves online greeting cards. Just as with other phishing scams, an e-greeting message will have a link for users to click that might take them to a site where they will be exposed to malware.
The commonsense rule is harder to apply here, because an e-mail simply alerting recipients that someone has sent them an e-card from American Greetings seems innocuous enough, unlike the too-good-to-be-true offers from faux retailers. The best defense is to not click the link unless the e-card comes from someone you know.
Now is a good time to tune up the junk mail settings in your e-mail to filter out messages from known spammers and phishers.
And don't forget your operating system. Make sure it's updated and enable automatic updates to receive the latest security updates.
And finally, use a credit card to make purchases rather than a check card. Consumer loss is generally more limited with credit cards if the account is used to make fraudulent purchases.
This article was first published on InternetNews.com.