One of the biggest shopping periods of the year is fast approaching. Black Friday and Cyber Monday deals will soon begin to surface, and the made-up holidays are expected to break all sorts of records this year.
Cyber Monday began "officially" in 2005 (it was made up by a marketer), but the phenomenon goes back to the beginning of online shopping, before personal computers and broadband connections were a fixture in homes. People would return to work on the Monday after Thanksgiving and shop from their office computers.
Of course, as the popularity of Cyber Monday grows and the deals get bigger and better, the risks of shopping online also increase. Cybercriminals love Cyber Monday too, and they work hard to get rich off the huge number of people engaging in online commerce around the holidays.
"Our inboxes are filling up with offers, and it's easy to slip something malicious into the volume of unsolicited emails during this time of year," said Don DeBolt, senior technical director at Milpitas, California-based security company FireEye.
"Due to the sheer volume of people shopping on Monday, [it also] makes for a great time to insert a malicious advertisement into an established ad network," DeBolt said. "This type of attack is known as 'malvertising' and results in the attacker taking you to a website of their choosing when your browser loads the malicious advertisement.
"Computer users have little control over this attack if they are not using an ad-blocking application, so it is highly recommended that an anti-malware product is used to best protect against this kind of attack."
Just recently, we've seen reports that cybercriminals have created up to 100,000 fake online-shopping websites, made up to look like well-known websites and with similar web addresses, to lure in shoppers and hit them with scams. And Macy's. one of America's biggest retailers, has disclosed that its website was infected with credit-card-stealing malware.
To help shoppers stay safe and secure on Cyber Monday, here are some tips.
Shop from a secure computer
A computer or Android phone that isn't protected by the best antivirus software is more likely to be compromised by malware. Otherwise, all data entered into or transmitted from that phone or computer is at risk, including all forms of personally identifiable information, credit-card numbers and bank accounts. Be sure to keep the operating system and all internet-facing apps updated to the latest software versions.
Shop using a secure connection
Data can be at risk during transit if an attacker controls the network or uses packet-sniffing software. Web protocols such as HTTPS encrypt communications, but in some advanced attacks even those could fall to a "man-in-the-middle" attack.
You should always look for the HTTPS lock symbol in your browser address window when performing an online purchase. But it's not a guarantee that the site is genuine -- many malicious sites now use encrypted connections too.
Search for deals on retailer sites, not on search engines
Scammers "poison" search results with malicious or deceptive links. Searching for the best iPad deals? Run a search on the Best Buy, Amazon or GameStop sites rather than on Google.
Use trusted vendors
Any website can be attacked by hackers, but limiting your shopping to established and trusted vendors limits your exposure. Bookmark the most trusted online retail sites to make sure you don't get redirected to fakes.
Check each website's URL
This may seem obvious, but you'll want to check each retail website's address, aka URL. Scammers who want to steal your credit-card number or personal information will "clone" well-known shopping sites and park them at web addresses that are often just one mistyped letter away from the real thing.
Don't fall for 'too-good-to-be-true' deals
Cyber Monday features a lot of incredible, legitimate deals offered by trusted mainstream retailers. But cybercriminals will prey on shoppers' desire for the lowest prices and will try to slip in a lot of fake deals.
Watch out especially for emails, text messages, pop-up browser windows and Facebook and Twitter posts promising fantastic savings. Clicking on links in the messages or posts could lead to scams, phishing sites or sites distributing malware. And don't open attachments in emails promising fantastic deals.
Plan ahead and don't be rushed
Cyberattacks take but a split second to occur. Sometimes all that's required is clicking on a link in an email. Look for clues to malicious links, such as an extra ".cc" at the end of what would otherwise be a trusted domain name. Take the time to make sure you're on the correct website.
Review credit-card and bank statements regularly during the shopping season
Malware can infect credit-card readers in stores, and unscrupulous cashiers often steal card numbers as well. If you find a transaction that doesn't match your purchases, your account may have been compromised. If so, contact your bank or card issuer.
Don't use debit cards online
You've got far less protection against fraud on a debit card than you do with a credit card. Stick to credit cards when shopping online. If you absolutely must use a debit card, use the prepaid kind with a set spending limit.
Use unique passwords and logon information for every site you visit
Yes, it's a pain to remember all those passwords. But if one of them is stolen, a cybercrook will try using it on other websites. Passwords should be as long as possible and contain a mix of upper- and lower-case characters, numbers, punctuation and symbols -- and passwords shouldn't be reused, especially for any website that handles your money. If you have trouble handling them all, use one of the best password managers.
If you're shopping from a tablet or smartphone on Cyber Monday, use a trusted vendor's app, not a web browser
Vendors have more control over their own apps than they do over mobile browsers, which often don't display the web addresses of the sites to which you're giving your credit-card information.
Never install software on your mobile device from a website link or code
Software from locations other than the device's official "store," such as Apple's iTunes App Store or the Google Play Store, has a greater chance of being malicious. Even then, check to make sure that the app developer is the official retailer -- a lot of Amazon-related apps in Google Play have no connection to Amazon.