On the first day of Christmas, my true love gave to me ... a virus in my PC?
As consumers get ready to hit the Internet in droves to buy holiday gifts, exchange greeting cards and search for Christmas carol lyrics and ringtones, security researchers have a few words of caution.
Cybercriminals save their best schemes for the holidays, they say, dressing online scams to steal personal information and money in festive, seasonal wrapping.
"Everyone is going to the Web to do holiday shopping. ... That presents the bad guys with a better way of delivering threats to you," said David Marcus, director of security research and communications for McAfee Labs, which on Thursday warned consumers about the "Twelve Scams of Christmas."
According to Consumer Reports, in the past two years, cybercriminals have stolen $8 billion from Internet users. And, Marcus said, they pull out all the stops around popular holidays.
"The bad guys read the same news you do and will use the news and event of the day against you," he said.
Cybercriminals are a creative bunch, tricking even the most cautious users into disclosing sensitive information. But pay attention to the following 12 scams and, hopefully, they won't deceive you.
1. Charity Phishing Scams Prey on Your Generosity
'Tis the season for giving, right? Yes, but you should still be careful to whom you give.
Hackers are ready and waiting to take advantage of your generosity with e-mails and Web sites that appear to be from legitimate charitable organizations, McAfee warned. They may look real, but the Web sites are actually designed to steal donations, credit card information and donor identities.
If you get a suspicious e-mail directing you to a company or charity's Web site, do not click on the link. Instead, go directly to the Web site by typing the address or using a search engine.
2. Deliveries From Santa? No, Scammers
Around the holidays, packages pour in via Federal Express, UPS and the U.S. Customs Service.
But if you get an e-mail supposedly from a delivery service asking for credit card details or directing you to open an online invoice, be careful.
Cybercriminals often send fake invoices and delivery notifications appearing to be from well-known delivery services, Marcus said. Opening a fake invoice online could prompt the installation of malware on your computer.
Before you click, take a good, hard look at the address the e-mail is coming from. If it's from Federal Express, it should be a short address from "Federal Express" or "FedEx," he said.
He also said to pay attention to the language in the e-mail, adding that bad grammar is often a red flag. Most importantly, be suspicious if the e-mail asks for credit card information, because a valid delivery notification would not ask for that.
3. 'Let's Be Friends' -- Cybercriminals Target Social Networks
What would the holidays be without mistletoe-laced cocktail parties and happy hours?
This is one of the most social times of the year and cybercriminals try to benefit by sending authentic-looking "friend request" e-mails from online social networks.
Clicking on links in these e-mails can automatically install malware on computers and skim personal information.