Black Friday and Cyber Monday are just around the corner, so cybercriminals have begun to flood e-mail, social media postings and search results with tainted Web links, offers for worthless products and pitches for all variety of scams.
"All these things have something in common: social engineering and greed," says Sorin Mustaca, security analyst at anti-malware firm Avira.
The bad guys count on one in 10 recipients of holiday-themed phishing lures to click on a poisoned link or fill out a bogus form.
They've been planning all year for this. Messaging security firm Proofpoint says e-mail carrying faked delivery confirmations and order notices purporting to be from FedEx, UPS, DHL, Amazon, eBay, Wal-Mart, Target and Toys R Us have already begun to swell. Clicking on the enclosed links turns over control of your computer to the attacker.
"We're human; we're compelled to click," says David Knight, Proofpoint executive vice president. "And we're even more human during the holiday season."
Phishing attacks -- faked e-mail carrying tainted Web links -- are expected to spike in coming weeks, purporting to come from shipping companies, says Bob Pratt, vice president of product management at anti-phishing company Agari.
Agari's analysis of billions of e-mail messages shows faked shipping company e-mails increased 62% in the third quarter over the second quarter. Based on historical patterns, the volume of faked shipping company e-mail messages can be expected to double this quarter compared to the third quarter, because "there's a lot more cover for bad guys to take advantage," Pratt says.
Holiday shopping has come to mean fielding "likes" from our Facebook friends, and using our smartphones...