Security threats Toolkit

Tis the season of Christmas scams

Tags:
Scams,
Christmas,
Phishing

Joris Evers CNET News

Published: 22 Dec 2005 10:10 GMT

With Christmas just days away, shoppers rush around late into the night, radio stations blare seasonal tunes — and cybercriminals busily try to scam unsuspecting targets.

"Fraudsters use current affairs to create legitimacy," said Melih Abdulhayoglu, chief executive of Comodo Group, a provider of Web site security certificates. Credit card fraud is easier now than any other time of year because of the high volume of transactions, experts warn. "The holidays are a great reason to send people email to try to scam them into giving up their information," Abdulhayoglu said.

Holiday scams
Internet users, in fact, can expect to see almost twice as many phishing attacks this December compared with last year, said Andrew Klein, manager of the threat center at MailFrontier, an email security company. Phishing scams combine spammed email messages and fraudulent Web sites to trick people into giving up sensitive information.

"Holidays are an excellent hook for scams," Klein said. Last year there were 8,829 different phishing campaigns in December, and the number has increased since, hitting a high of 15,820 in October, he said. "The real problem with phishing email is that they really look like email that you would expect to receive."

In one example, scammers crafted an email that looks like it came from eBay. The mail announces that "Christmas is coming!" and encourages recipients to click on a link to "www.ebaychristmas.net" for advice on "seasonal selling". Though they appear legitimate, the email message and the Web site were fraudulent, Klein said.

eBay and its online payment division PayPal have traditionally been popular among fraudsters looking for login names, credit card numbers and other sensitive information. eBay is aggressive in fighting such scams and offers a browser toolbar to help protect users against fake copies of its Web sites.

While eBay is a known phishing target, scams that involve charities are relatively new. With many in the spirit of giving, December could be a lucrative month for miscreants looking to profit on the generosity of Internet users.

"Since Katrina we have seen the Red Cross show up much more frequently in the list of top-phished Web sites," said Craig Sprosts, a product manager at email security vendor IronPort Systems. In the aftermath of Hurricane Katrina, Web sites popped up that sought to defraud Internet users who thought they were doing good.

IronPort's filters have also stopped at least one email that promised the recipient a prize in a "holiday lottery" and offered a link to a malicious Web site to collect the reward, Sprosts said.

Aside from phishing scams, Internet security companies have seen the so-called Nigerian scams take on a seasonal twist. Typically, swindlers send out junk emails around the world promising recipients a share in a fortune in return for an advance fee. Those who pay never receive the promised windfall.

"They will have words like Christmas and Jesus in them, which makes them a little harder to filter out," MailFrontier's Klein said.

While some attacks will adapt to the season, the deluge of traditional attacks continues. Internet users need to stay on guard and not let the holiday rush weaken their defenses, security experts warned.