Nov 28, 2011

Cyber Monday: 6 Tips to Avoid Getting Hacked or Scammed

Cyber Monday — which for many stores begins Sunday — is almost upon us. That means that more than any other time of year, we’ll be bombarded with sales and deals and notices and ads. One study found 84 percent of retailers saying they would email consumers about holiday-shopping deals.

Your email inbox will be stuffed like a Thanksgiving turkey with all sorts of offers. Many will be legitimate. An ever-rising number will be scams targeting your identity and money.

Facebook may need you to click in the link in an email so they can verify your login information. UPS may send you an email saying you need to view the attachment to get details about a long-lost package. Your bank may send you an alert that your recent transaction was declined and they need your information immediately to correct the error. And a Nigerian Prince may notify you urgently that you’re about to receive $5,000,000…if you can just send him $500 to get the money out of a closed account.

If you think the only scam is the Nigerian Prince, you’re terribly mistaken. And this mistake can be costly.

According to Javelin Strategy & Research’s 2011 Identity Fraud Survey Report, 40 percent of all identity theft victims had their information stolen while making an online purchase.

Viruses and scams are becoming intertwined these days, and they are more cunning than ever. The latest trend in cyber infections is the active virus — a virus that cons you into taking some action.

Hackers and attackers are sending emails impersonating well-known and commonly used services like Facebook, UPS and your local bank in order to steal your information. They are very good at it. The emails look and sound legitimate even though they are designed to infect your computer or steal your personal and financial information.

How do hackers impersonate something like Facebook? Usually they fill an email with company graphics and links, which are easy enough to find via a Google image search. Often the hackers will go so far as to give you a warning reminding you to “be careful of scammers out there.” They even put privacy information on the bottom to make the email look official.

Among the “good,” legitimate-looking links in the email, there will be a note asking you to click a link to “verify” your login information. The link will take you to a site that’s dressed up to look like Facebook or a UPS page, for example, or it will open an attachment or drop a virus.

Once you’ve entered your identifying information — thinking you’re being smart and keeping up with privacy — the hackers steal your identity and money. Other emails might ask you to download a simple attachment that will actually launch a virus designed to give the hacker access to your computer and everything in it.

How can you avoid falling prey to these scams?

  • Check addresses carefully. Hackers send you messages from addresses that look legitimate and don’t raise alarms. But if the email address is “[email protected],” you can be sure that it’s not from Facebook. So don’t click the link in it. If it’s an official email, it will come from an official, company address.
  • Check the address again! Sometimes hackers even use technical tricks to make the address the email came from end with a legitimate, well-known domain. An example might be “[email protected].” Emails like these often contain infected attachments.
  • Research and use online security tools and services. Some of them are free — a good example is BillGuard, which scans your credit card bills for questionable charges. BillGuard says it has saved consumers more than $500 million in fraudulent charges consumers might otherwise not have noticed
  • Avoid attachments. Unless you personally know the sender of an attachment or email, do NOT download or open the attachment. If you are tempted, at least run the latest anti-virus, anti-phishing and anti-spyware software on your system.
  • Do your research. Most scams are talked about on the Internet somewhere. Google the type or wording of the scam and see what comes up. A site called www.snopes.com offers lots of information about new and old scams. Also, call the company from which the email is allegedly coming. If you’ve gotten an email from a bank and you call the bank but they have no record of your transactions, the email is a scam or a virus.
  • Go with your gut. If an email seems fishy (or “phishy”), it probably is. Use the common sense you use in the real world — it may seem obvious, but for whatever reason many people often suspend their common sense in the online world.

The holidays are all about giving — but not to scammers and hackers.