Tuesday, November 27, 2007

On-line Shopper Alert

Net surfers tread treacherous water
Cyber crooks target online shoppers with new scams

By Byron Acohido

SEATTLE - A confluence of commerce and criminal activity may turn the next four weeks into the most dangerous period ever to surf the Internet.

"Given the kickoff to the holidays the increasing sophistication of cyber thieves, these may be the risk­iest days for Internet consumers we've ever seen," says Bill Morrow chairman of security firm CSldentity.

Consumers' high comfort level ordering gifts at their keyboards is translating into record traffic to websites that review, advertise and sell popular products. Re­tailers aren't the only ones trying to capitalize. Tech se­curity authorities warn online shoppers about these snares set in place by organized cybercrime rings:

Spam scams. Be wary of e-mail luring you Co buy drugs, invest in small companies or click to a greeting card or news story. Many of these are scams. Delete any e-mail directing you to type in a credit card num­ber, or other sensitive data, to make a charitable dona­tion. "E-mail is never a safe way to transmit informa­tion," Morrow says.

Fake ads. Do not click on ads using scare tactics to get you to buy Spy-Shredder, AntiVirGear, MalwareA-larm or some 40 other products with similar names. Online ads pitching fake anti-spyware increased 1,000% in October, says Don Jackson, virus researcher at SecureWorks.

In the past, such ads popped up mostly on porn sites or other obscure sites. But they've begun to appear on websites for CNN, The Economist, the Huffington Post. Major League Baseball, the National Hockey League and Monster.com.

If communications on online forums where cyber crooks hang out are any indication, there's more to come. "We've seen a big increase in that type of chat­ter on forums in the last 30 days," Jackson says.

Tainted Web 2.0. Sites that use nifty Web 2.0 fea­tures are under siege. Case in point; The personalized log-off page at lndiaiimes.com earlier this month was corrupted so that anyone who used that service got in­undated with commands to automatically click to hundreds of Web ads. This was part of an elaborate scam to earn fraudulent "click-through" ad revenue.

Web 2.0 features at a British jewelry website, an au­to-information site and a major job-finding site were identically compromised, says Mary Landesman, sen­ior security researcher at ScanSafe. Hundreds of other Web 2.0 sites are being similarly corrupted, she says."These sorts of attacks impact people who are very careful about where they surf and only go to the most reputable sites," Landesman says. "That's why the at­tackers focus so much energy on doing this, because it's a bonanza for them."

ScanSafe offers a free tool that rates the safety of websites, available at scandoo.com.

SOURCE: This article appeared in USA TODAY Monday Nov 26, 2007

No comments: