Security threats Toolkit

Tis the season of Christmas scams

Joris Evers CNET News.com

Published: 22 Dec 2005 10:10 GMT

"There is more online activity and consumers are more vulnerable because they are out on the Internet looking for deals," Sprosts said. "They might let their guard down and click on a phishing attack."

Klein agreed: "We're all running around a little faster because it is Christmas and we're all doing things we might not do throughout the year, such as buying a lot online and visiting sites we don't normally go to." His advice to online consumers: Pay attention and don't let your guard down.

Crooks don't only stand to benefit from a change in online consumers' behavior during the holidays. They can also benefit from a lower level of fraud checks at online stores, payment processors and credit card companies, said John Pironti, a principal security consultant at Unisys, an IT services company.

"A lot of the security controls are relaxed in order to handle volume," Pironti said. "Not as much fraud will get caught, so immediately you see an uptick in activity. Fraudulent people tend to know this; it is a well-known secret."

MasterCard denies that it decreases the level of fraud checks during the holidays to cope with a high volume of transaction. "We do capacity planning to make sure that we are able to operate," Linda Locke, a MasterCard spokeswoman, said. "MasterCard relaxes no antifraud controls during the holiday season."

Visa did not respond to requests for comment.

While making your list of what to watch out for online this holiday season, don't forget worm and virus attacks.

A Santa Claus worm that targets America Online, Microsoft and Yahoo instant-messaging users surfaced on Tuesday. The worm attempts to dupe IM users into thinking a friend has sent them a link to a harmless Santa Claus image, but clicking on the link results in malicious software being downloaded to the target's PC.

Security experts have also warned of malicious software that can pose as an electronic Christmas card, like last year's Zafi pest. They advise consumers not to open email attachments and to send friends Christmas greetings in plain text or via traditional mail.

If your PC is not yet secured, consider making a New Year's resolution to install antivirus software and a firewall and perhaps an antiphishing toolbar.