With the arrival of the holiday season, consumers are probably spending more time online. They're comparing prices, checking out restaurants, and making purchases. Criminals know this and try to exploit it.
Carrying out a scheme known as “phishing,” they send out spam emails that are designed to trick consumers into clicking links to take them to a site they believe to be a retailer, bank or travel site. In reality they are dummy sites where consumers will be encouraged to enter sensitive information.
More than a simple invasion of privacy, these online scams have turned into a multimillion dollar industry that can wreak havoc on people's finances and sense of personal security.
Don't take the bait
"The idea behind phishing is that an attacker will try to get you to enter your information into a decoy website that looks exactly like the legitimate one you are used to using," said Wesley McGrew, a scientist at Mississippi State University's Center for Cyber Security Research. "The decoy site will allow them to collect your username and password, and once they have that, they can access any personal or financial information you've stored on that account."
McGrew is what's known in computing circles as a "white hat hacker," someone who breaches secure computer systems to identify weaknesses or threats before they can be exploited by criminals. But he says you don't have to be a computer expert to thwart scammers, just a little cautious about what you click.
"If you receive an e-mail directing you to log in to a site, that should be your first warning that you might be going to a phishing site," McGrew said. "It's important to be aware of how you arrive at a website and its always best to be suspicious if anything seems wrong or if your Web browser issues a warning."
McGrew says consumers should never reply to an e-mail that directly asks for username and password information. They should never follow links from an e-mail to log in to a website. Instead, type in the Web address and use the site directly.
Also, before entering login information on a website, be sure that the Web address begins with "https" or that there is a lock icon in the address bar, which means information entered on the site will be encrypted during transmission.
To eliminate any remaining doubt about the legitimacy of a website, McGrew said users can click the lock icon to see the Web page's security information and verify that the site is being operated by the organization it claims. He said contacting the website's support staff is also a good idea to alleviate lingering concerns.
In 2011, Internet crimes netted a loss of more than $4.5 million, according to a report from the national Internet Crime Complaint Center. FBI-related and identity theft scams, which commonly involve phishing, were the most common of the more than 314,000 crimes reported to the center last year.