As millions of Americans prepare to spend billions of dollars this holiday shopping season, malware makers are preparing to steal data and money. That's because November and December are typically very busy months for malware infections, and an increase in online holiday shopping is most likely to blame. The National Retail Federation estimates that online holiday sales will increase 11-15% this year. Every online click is an opportunity for cyber crooks to get harmful programs installed on your computer. And this year, more sophisticated email phishing attacks could spell even more trouble: attacks that hack your computer by tricking you into thinking you've already been hacked.
Enigma Software Group (ESG), makers of the SpyHunter anti-malware program, found that last year, infections detected via SpyHunter jumped 99.23% from Black Friday through Christmas. That was a bigger spike than in 2015 (84%) and 2014 (42%).
"We believe the continued spikes in malware are due in large part to increased online activity by holiday shoppers, and increased efforts on the part of malware makers to take advantage of those shoppers," said ESG spokesperson Ryan Gerding. "Simply put, the bad guys know more people will be online looking for deals and checking on orders, and they have stepped up their attacks."
More Sophisticated Email Phishing Attacks Could Trick Many Online Shoppers This Year
This year ESG believes sophisticated email phishing attacks are unleashing a new approach to get malware on computers. These phishing emails are fake messages that look like they are coming from legitimate online retailers. They are usually receipts that show a purchase the user didn't make. Malware makers hope that the person receiving the email will think their account with that retailer has been hacked and will click on a link in the email to fix the problem. That link leads to malware.
Here's an example, as shown in Figure 1 below. The email looks like a receipt from PayPal for an online order for a coffee gift set. If you got this email in your inbox, you would probably think, "Wait, I never ordered coffee via PayPal, something's wrong." Then you might click on the link in the mail that says "Cancel Now". But that link does not go to the PayPal website. Instead, it takes you to an unknown site that will install malware on your computer.
In the past, phishing emails like this were easy to catch. They often had poor formatting and misspelled words. They just looked fake. But now these emails look very real. Another fake email that looks like it came from Apple Support can be seen below in Figure 2. Anyone who has gotten an Apple receipt knows that at first glance this email looks legit. This receipt is telling the user that someone bought an app in the app store for $2.99 and then spent $44.99 on in-app purchases. Again, an unsuspecting consumer might read this email and think their Apple account has been compromised. If they click on the link in the email that says, "Cancel this transaction", their computers will be infected.
"We've seen fake emails like this that purport to be from PayPal, Apple, Etsy, and others," Gerding said. "The malware makers know that this time of year, people may be expecting emails from these retailers, and may be more likely to click on a link."
The best way to protect yourself from these email attacks is to NEVER click on a link in an email from an online retailer. If you believe there is a problem with an order you made, or if an email looks legit but contains information on a purchase you didn't make, your best bet is to log in to your Apple, Amazon, PayPal or other accounts directly from your web browser.
Top 5 Tips to Keep Your Computer Safe This Holiday Season and Beyond
- Make sure your computer's operating system is up-to-date, and is scheduled to install updates automatically.
- You should have reliable anti-malware software such as SpyHunter installed, and make sure to run frequent scans and updates.
- Never click on links in suspicious or unsolicited emails. Sometimes, emails may appear to come from a legitimate source but are, in fact, spam and may contain malicious links.
- Be wary of unfamiliar websites that ask you to install software before continuing with your shopping. Unwanted or unfamiliar sites may have malicious scripts or links.
- Be cautious of links found in social media messages. Such links include those found on Twitter direct messages and messages sent to you via Facebook. Potentially malicious messages may look like they are coming from your friends, but there's a good chance their account has been compromised and cybercrooks are attempting to trick you.
ESG will be monitoring infection counts this holiday season to track infection trends. Last year infections jumped 99.23% during the holiday shopping season.
Other Computer Safety Concerns from 2016 that May Continue in 2017
- You might think that the busiest day for malware infections would be Cyber Monday, the first Monday following Thanksgiving when many online retailers have special sales. But in 2016, the busiest day was Wednesday, December 14th, with infections 120.06% higher than normal.
- The rise in infections began earlier in the month rather than arriving as a dramatic spike on Black Friday and Cyber Monday. ESG started noticing increases in the first two weeks of November, a likely sign that retailers began their holiday marketing (and consumers began their holiday shopping) earlier.
- In 2016 the individual cities with the highest spike in malware infections during the holiday season were Kansas City, Salt Lake City, San Francisco, Raleigh, and Miami.