As millions of Americans prepare to spend billions of dollars in online holiday shopping, malware makers are gearing up for a big couple months as well. November and December are typically very busy months for malware infections on computers, and an increase in online holiday shopping is most likely to blame. The National Retail Federation estimates that online holiday sales are going to increase between 7-10% over last year to as much as $117 billion. Every online click is an opportunity for cybercrooks to get harmful programs installed on your computer.
ESG reports that malware infections spiked 84% during the 2015 holiday shopping season... a dramatic jump from the 42% spike in 2014. ESG analyzed malware detections data from SpyHunter throughout the US. ESG believes there is no sign that the infections will slow down in 2016.
"The holiday shopping season is one of the busiest times of year for the cybercrooks who spread malware," said ESG spokesperson Ryan Gerding. "They know lots of people will be online looking for deals and tracking their purchases, and that makes those people vulnerable."
Most Common Ways Cybercrooks Use the Holiday Shopping Season to Target PCs for Malware
- Spam emails and links promising great deals. Malware makers know that people will be on the lookout for great prices on everything from gaming consoles to phones. They'll send bogus emails promising super low prices. Those emails will contain links that can install malware if they are clicked. Cybercrooks will also post bad links in Facebook and Twitter accounts that they hijack.
- Fake emails that look like they are from real online retailers. Cybercrooks know it's likely you've bought something online from Amazon or Toys R Us. So they send fake emails that tell you there was a problem with your recent order, hoping you'll click on a link that will install malware.
- Poisoned search results. Sophisticated cybercrooks can create fake web pages promising to sell hot holiday items at very low prices. They can even work to make those pages show up in Google searches for particular products. If someone clicks over to the bogus page, an infection is just a few seconds away.
"These cybercrooks know that people are looking for good deals, and are most likely in a hurry when checking emails and doing Google searches," Gerding says. "And the infections they are creating are more diabolical than ever."
Malware infections today are far more than the simple nuisances of that past that slowed down your computer. Some of the more common infections today can steal personal information, access your contacts and important files, and in some cases literally hold your computer hostage until you pay a ransom to unlock it. In fact, the percentage of overall infections made up of "ransomware" has doubled from 2015 to today.
Key Malware Takeaways During the Holiday Shopping Season
- You might expect that malware infections have a huge spike right after Black Friday and Cyber Monday, when most people begin their online holiday shopping. ESG's data has found that in 2015 and 2014, the biggest single days for infections were two weeks after Cyber Monday. We believe that's because that is about that time that shipping for online orders begins to become a concern for shoppers. The bad guys know this and are more likely to send bogus emails that claim to be from real retailers.
- 2015 saw a bigger increase in infections over Thanksgiving weekend compared to 2014, a sign that a lot more people were shopping online prior to Cyber Monday.
- 2015 also saw a more sustained spike in infections throughout the holiday shopping season.
Tips to Help Protect Against Malware During the Holiday Season
- Never click on links in social media messages. This includes Twitter direct messages and messages sent to you via Facebook. They may look like they are coming from your friends, but there's a good chance their account has been compromised and cybercrooks are trying to trick you.
- Be wary of unfamiliar web sites that ask you to install software before continuing with your shopping. Most of the time that software has malware embedded in it.
- Always have reliable anti-spyware and anti-malware software installed (we obviously recommend SpyHunter), and make sure to run frequent scans and updates.
- If you are trying to check on the status of an online order, type the web site of the retailer into your address bar manually to log in and check. Don't trust a link sent in an email.
In addition to analyzing national data trends, ESG also looked at the malware infections in the 50 largest U.S. cities over the 2015 holiday shopping season. Below is a list of the cities that saw the biggest spike in infections from Thanksgiving to Christmas in 2015.
- Nashville 175% spike
- Raleigh 173% spike
- New Orleans 169% spike
- Boston 137% spike
- Denver 120% spike
- Chicago 106% spike
- Salt Lake City 101% spike
- Baltimore 100% spike
- Columbus, Ohio 99% spike
- Memphis 99% spike
- San Antonio 95% spike
- Miami 94% spike
- St. Louis 93% spike
- Cleveland 92% spike
- Minneapolis 91% spike
- Louisville 88% spike
- Los Angeles 86% spike
- Washington, DC 86% spike
- Grand Rapids, Michigan 86% spike
- Oklahoma City 85% spike