Today is the annual ‘Black Friday' in the US as the public hits shopping malls after the thanksgiving holiday.
However with many choosing to turn to the internet for their Christmas shopping, this weekend is expected to be a busy time for websites, with Monday being tagged ‘Cyber Monday'.
In a survey of consumers, Webroot found that 68 per cent plan to buy at least half of their gifts online this year, presenting cybercriminals with a larger target over the weekend and throughout the holidays.
Surveying over 1,600 individuals, Webroot found the number of consumers planning to buy gifts online this season increased 46 per cent from two years ago. The survey also revealed a number of behaviours that may put shoppers' personal and financial information at risk. Over half of respondents frequently, if not always, use search engines to find gifts online, 38 per cent trust the first page of search results and 12 per cent are likely to use a public wireless access point to shop online for gifts.
It also found that under half (47 per cent) are concerned about stolen credit card and bank account numbers and only four per cent said strong concerns would reduce the amount of gift shopping they complete online this season.
Mike Kronenberg, chief technology officer of Webroot's Consumer business, said: “Cybercriminals appear to be gearing up for a lucrative holiday season. A particularly concerning trend is an increase in phishing Trojans – which can steal credit card numbers, passwords and other information - in the months leading up to November, just as people begin thinking about buying gifts. Remember that hackers don't take a holiday; be aware of how they operate and protect yourself.”
Commenting, Tim Orchard, principal consultant at Activity IM, said: “There is plenty of precedent for holiday season malware. Phishing attacks, Trojans and other malware that have a thanksgiving or Christmas theme is nothing new, and with the recession and people looking for best value Christmas gifts I would think that malware targeted to exploit peoples Christmas shopping would have an increased chance of success.
“On the other hand, with more and more people doing their Christmas shopping online, companies that can prove they take online security seriously are going to garner an increased level of trust for those looking to shop online and therefore maximise their internet sales.”
Offering ‘seven simple rules' for online shopping, Proofpoint encouraged users to view with suspicion any email with requests for personal IDs, financial information, user names or passwords. Your bank, online services, government agencies or legitimate online stores are unlikely to ask you for this type of information via email.
Likewise, do not click on links in a suspicious email and look for https and the padlock icon when using a web browser or fill out forms within an email, especially those asking for personal information. Instead, visit the company's actual website and ensure that the page you are using is secure before entering sensitive information.
Proofpoint advised to keep an eye on bank accounts and credit card statements, be aware of scams delivered on social networking sites and keep your security up-to-date.
Orchard said: “Trust in the ability of internet companies to keep client personal and credit card details safe has always been one of the biggest barriers to online shopping.
“Companies that develop their websites using proven secure code development methodologies, and who perform regular security penetration testing on their sites are likely to be more secure than those that simply aim to tick the minimum requirements of standards such as PCI. If they can articulate this to their customers in a manner they understand they should be able increase that level of trust and therefore their sales.”