If you're shopping online instead of at the malls this holiday season, the Federal Bureau of Investigation (FBI) warns you to be wary of cybercriminals.
FBI officials say these online crooks will aggressively try to steal your money and personal information during this busy shopping season.
Cybercriminals use several methods to dupe consumers, including sending electronic greeting cards that contain malware (malicious software), setting up spoof Web sites that look like legitimate ones, and unleashing phishing and vishing attacks where unsuspecting shoppers receive e-mails that ask for personal data.
"These cyber scammers will do whatever they can to steal your money and personal information this holiday season and are trying many different ways to commit these crimes," said Shawn Henry, Assistant Director, FBI Cyber Division in Washington, D.C. "The best way to protect yourself is to report these scams to law enforcement or the Internet Crime Complaint Center (IC3)."
Here's how the various schemes work:
• The Greeting Card Scam -- Consumers receive an e-mail about a card from a friend or family member. In most cases, the e-mail directs consumers to click on a link to view the e-card. Once consumers do that, they are unknowingly taken to a malicious Web page;
• Spoofing Scams -- In these schemes, criminals create a false or shadow copy of a real Web site or e-mail that misleads consumers. All network traffic between the consumer's browser and the shadow page are sent through the spoofer's machine. This gives the spoofer access to the consumer's personal information, such as passwords, credit card numbers, and account numbers. FBI officials warn these e-mails look authentic. So do the spoof Web sites. In some instances, spoofers direct consumers to authentic Web sites and then pop up a window over the site that captures personal information. That information will likely be sold to criminals, who will use it to ruin consumers' credit and drain their accounts;
• Phishing and Vishing Attacks -- In these scams, consumers often receive e-mails or text messages about a problem with their account. They are told to follow the link in the message and update their account. But that link takes unsuspecting consumers to a fraudulent Web site that looks legitimate. Consumers' personal information, such as account number and PIN, is then compromised. Some consumers say they have also received e-mails asking them to take an online survey. Once they finish, consumers are asked for personal account information supposedly so they can receive money for taking the survey. But sharing that information gives criminals access to their accounts.
Consumers can protect themselves from getting taken by cybercriminals by:
• Not responding to unsolicited (spam) e-mail;
• Not clicking on links in unsolicited e-mail;
• Being cautious of e-mails that contain pictures in attached files. Those files may contain viruses. Only open attachments from known senders;
• Using caution when filling out forms in e-mail messages that ask for personal information;
• Always comparing the link in the e-mail to the one you are directed to;
• Logging on to the official Web site instead of "linking" to it from an unsolicited e-mail;
• Contacting the business that supposedly sent the e-mail. This way you can verify if the e-mail is legitimate.
Consumers who've lost money in a cyber scam--or received a suspicious e-mail--can file a complaint on the Internet Crime Complaint Center's Web site.