From phishing scams to stolen credit cards to crashing websites, crooks are out in full force on the popular Cyber Monday online shopping day, trying to get a big score of their own.
Online fraud on Cyber Monday is estimated to cost as much as $8,000 per minute, according to a recent survey by the Ponemon Institute and RSA, the security division of EMC (EMC +0.00%).
Here are three of the most common dangers shoppers and retailers face.
Phishing fraud
Phishing -- an email, text message, or social media message that looks like it's from a friend or trusted business but is instead a scam -- is a favorite method of crooks. According to USA Today, the thieves expect as many as 1 in 10 of us to fall for the fake message and click the links inside.
On Cyber Monday, these messages may offer special prices if you enter your payment information on the page you're directed to. Sometimes just clicking the link is enough to trigger an attack -- which happened recently with phishing emails that resembled delivery confirmations from UPS (UPS +1.19%) and FedEx (FDX +0.96%).
So-called "fraud alerts" that appear to be from your card issuer are also popular this time of year, and we're more susceptible to them since we tend to be charging more -- American Express (AXP +0.48%) cardholders were recently targeted.
What to do: Be very suspicious of links in emails unless you're positive they are legit. If you aren't sure, call the company directly (type its URL directly into your browser to find customer service contact info) to verify the information.
Site swap
It's surprisingly easy to pass off a fraudulent website off as one from a popular retailer. You may come across these fake sites through phishing scams or while searching the Web for deals. (Hint: Don't search terms like "Cyber Monday deals," which are rife with scams.)
The easiest way to avoid these is to go directly to your favorite retailers' sites through your browser, and not through email or search results. If that's not possible -- say you're looking for a hard-to-find item and don't know which sellers to try -- then take a very close look at the link before you click.
PC magazine's Security Watch blog recommends typing links in unsolicited emails or messages into getlinkinfo.org, which will show you where the link actually goes. If it shows a long list of redirects, or any URL on the list looks suspect, you'll know it's probably fake.
What to do: Watch for the "s" -- when entering any kind of payment, the URL should start with "https" and display a padlock icon.
Imposter apps
Fake apps are popping up more often -- even on legitimate app stores, such as Google's (GOOG +0.37%) Google Play store. No matter how vigilant Google is at removing malicious apps, more crop up, so be on the lookout for anything at all that doesn't match up.
Help Net Security Managing Editor Zeljka Zorz recommends checking the name of the app developer to make sure it matches. "If it's not the same as that of the company that creates the product, it's a fake and probably malicious," Zorz writes.
What to do: Never download an app from anywhere other than your device's app store. Even then, as Android users have seen, that's no guarantee of safety. Be sure to read any available reviews and check out the developer's site as well, to make sure everything looks kosher.
There are a lot of great deals out there on Cyber Monday -- and a lot of bad guys, too. A little vigilance can make sure your shopping score doesn't come with a scam.
