One common technique of fraudsters is to send out fake emails about cancelled orders or failed deliveries. F-Secure, an antivirus and computer security vendor, explains, "This bait will then entice many to click on a malicious link provided within the email, directing the person to a malicious exploit, commonly referred to as a 'Blackhole exploit.'"
These scams occur throughout the year as well, but during the holiday shopping season there is a much higher chance that you have actually ordered something or are waiting for a package to arrive, so it's much easier for attackers to catch you off guard.
While fake emails still frequently contain red flags like obvious spelling and grammar errors, cyber criminals are getting better at making emails and spoofed websites that are virtually identical to the real ones. Your first line of defense is simple: Never (I repeat, never!) click on the link within the email itself. F-Secure recommends that you go to the retailer or shipper website directly, and log in to verify or track your order.
Unfortunately, fake emails with malicious links are not the only thing you have to worry about. The Web browser is one of the most commonly used tools across all computer and mobile device platforms, and attackers know it. A recent report from Kaspersky Labs found that nearly one in four browsers in use are out of date, and therefore potentially vulnerable to known exploits.
A blog post from Qualys CTO Wolfgang Kandek agrees that out-of-date browsers put users at significant risk, but adds that the weak link is often a vulnerable plug-in or extension running within the browser. "Our research shows that the worst plug-in is Java, installed on 82 percent of all tested machines, with over one third of all installations vulnerable, closely followed by Adobe Flash, which is installed on over 67 percent of all tested computers, with 24 percent left vulnerable."
Attackers can sometimes craft an exploit for a disclosed vulnerability in a matter of hours. It's always important to keep your browser and plug-ins up to date. As you venture online for holiday shopping, it is particularly crucial that you first make sure your software is fully patched, and that your antimalware software is up to date.