McAfee warns about '12 Scams of Christmas'

Retailers aren't the only ones gearing up for the holiday season. Criminals are also out in force.

To highlight the increased crime during the holidays, security company McAfee has come up with the "12 Scams of Christmas" ranging from bogus electronic greeting cards that deliver malware instead of cheer to fake charities that steal your money and your identity.

It's especially important to be extra careful this time of year, says McAfee's David Marcus. "The bad guys know people are spending more time online, they're paying more bills online so [the criminals] stand a chance of being a bit more successful this time of year.

In a podcast interview (scroll down to listen), Marcus counted down the 12 scams of Christmas starting with:

1. Charitable phishing scams: Marcus warns consumers to be wary of e-mails that appear to be from legitimate charities. Not only will they take your money and deprive charities of needed funds, but they will also steal your credit card information and identity.


2. Fake invoices from delivery services: During this period, scammers will send out fake invoices and delivery notifications appearing to come from Federal Express, UPS, the U.S. Postal Service or even the U.S. Customs Service saying that they were unable to deliver a package to your address. They ask you to confirm your address and give them credit card information to pay for delivery.


3. Social networking friend requests: Bad guys take advantage of this social time of year by sending out authentic looking friend requests via e-mail. Marcus recommends that you not click on those links but sign into Facebook and other services and look for friend requests from the site itself. Clicking on a link could install malware on your computer or trick you into revealing your password.


4. Holiday e-cards: Be careful before clicking on a holiday e-card, especially if it's from a site you haven't heard of. This is a way to deliver malware, pop-ups, and other forms of unwanted advertising. Some fake e-cards will look like they come from Hallmark or other legitimate companies, so pay close attention and make sure it's from someone you know. If you're going to send an e-card, be sure you're dealing with a reputable service lest you risk infecting yourself and your friends.


5. Fake "luxury" jewelry: If you see an offer for luxury gifts from companies like Cartier, Gucci, and Tag Heuer at a price that's too good to be true, it probably isn't true. These links could lead you to malware and take your money or merchandise that will probably never arrive (or be fake if it does). Some of these sites, according to McAfee, even display the logos of the Better Business Bureau.


6. Practice safe holiday shopping. Make sure your wireless network is secure and be sure you're shopping on sites that are secure. Though it isn't an iron clad guarantee, you should look for the lock icon in the lower right corner of your browser and make sure the Web page starts with https. The "s" stands for "secure."


7. Christmas carol lyrics can be dangerous: Bad guys know that people are searching for holiday related sites for music, holiday graphics, and other festive media. During this time, they create fraudulent holiday related sites.


8. Job search related scams: With the unemployment rate at 10.2 percent, there are plenty of job seekers looking for work. Beware of online offers for high paying jobs or at-home money making schemes. Some of these sites ask for money up front, which is a good way for criminals not only to steal your "set up fee" but misuse your credit card too. Marcus said that some "get rich quick" sites are all about money laundering, asking you to accept an inbound financial transfer and pay them.


9. Auction site fraud: McAfee has observed a rise in fake auction sites during the holidays. Make sure you're actually going to eBay or whatever site you plan to deal with.


10. Password stealing scams: Criminals use low-cost tools to uncover passwords, in some cases planting key logger software to record keystrokes. Once they get your passwords, they gain access to bank accounts and credit card accounts and send spam from your e-mail accounts.


11. E-mail banking scams: A common type of phishing scam is sending out official looking e-mails that appear to come from your bank. Don't click on any links but type in your bank's Web address manually if you need to access your account.


12. Files for ransom: Hackers use malware to gain control of your computer and lock your data files. To access your own data you have to pay them ransom.

Bottom line--Don't let the eggnog and holiday cheer keep you from using your critical thinking skills when you go online during the holiday season. And, of course, make sure your operating system is updated and that you're using up-to-date security software.

Listen to Larry's interview with McAfee's David Marcus

Listen now: Download today's podcast

[n3td3v]

Hackers make money out of joe public, McAfee make money out of hackers and joe public, joe public has no money because the hackers took his money and so did McAfee. McAfee is part of the cybercrime eco system. McAfee can't wait till christmas.

[xaduurv]

Congratulations, that's the most cynical thing I've heard all day. It's like doctors making you sicker so they get more money for treatments off you.

[blondepianist]

If that were true, McAfee would have kept this list to themselves. That way, unsuspecting Joe Public could get himself infected and pay for McAfee's security suite.<br /><br />But McAfee did not withhold this; they researched the trends and released their findings FREE. Like Mr. Magid said, keep your critical thinking cap on.

[Guy1609]

Please be advised that a bogus business is operating in china offering ipod-iphones -lap tops-camera equipment the business is www.fayort.com once you pay they do not supply the purchase

[brienza1975]

Just the name alone tells me its a scam!

[stiener]

Only 12. This is the scammers favorite time of year. By the time the silly season is over with, I'm sure that figure will inflate a couple fold.

[Dan7637]

hackers and scammers should be put to death without trial

[pentest]

Wow, I hope the feds think you are a scammer and then you will find out what an idiot you are.

[sargess25]

"McAfee warns about '12 Scams of Christmas'"<br /><br />12 different scams and one common denominator; Windows OS<br /><br />good to see that some things never change lol :-)

[will_col]

I think windows os is by far less inherently secure than linux or os x. in fact, i use os x myself. however, that statement you made is bogus. the os is only as secure as the user. mcafee didn't point out virus' or spyware that windows is usually prone to. they pointed out practices done by criminals that effects all computer users, whether that is somebody using some locked down ubuntu installation or windows ME (i know sucke...people who still use it!)

[csturdivant]

Well that didn't take long for some idiot to turn this into a Windows bashing.

[pentest]

Some of those prey on the stupidity of people. Granted, a huge chunk of Windows users have a low brain-cell count, but many of the types of scams are not dependent on any OS, just idiocy.

[pentest]

That you felt the need to post this just shows that there needs to be some standard of competence displayed before being allowed to go online.

[TobyGalino]

wow and in no-certain order, and I have to echo Stiener ONLY 12. But on a positive note, here at VeriSign we are hoping joe-public is more educated this year, and has learned not to clicki on random links, maybe they are also clued into EV SSL and the seriously savvy are pulling out their two factor authentication token, which requires a user to authorize him/herself with a one-time pin during each log-in. With that enabled, it won't matter even IF your password gets hacked.

[UbrAngie]

Wow, it looks like too many people haven't had their morning caffeine yet today...or something! I would like to add that not everyone in the world, or even everyone who reads cnet posts are as, how shall I say, "technologically savvy" as you fine folks, or perhaps they are, but chose to share this information with others that may not be quite so, like our teenage children or younger even, who are just learning the ropes and may not be so enlightened. Don't you negativity seekers have anything better to do with your time than clutter up the system with crap? Just my two cents worth of additional crap to add to yours...cuz I also don't have anything better to do with my time :)

[bkennedy60]

Yes, this is a savvy bunch. I recommend you check out www.stopHCommerce.com and pass it along to your "non-savvy" friends. It's a video series that shows how a woman was caught in a 419 scam and ripped off for over $400K! If that doesn't make them pay attention to these scams, nothing will. <br />The site also has some common sense tips on how to protect yourself.

[john_burden2001]

Stay away from fayort.com a company based in China offering very cheap electronic items (TV's, cameras, ipods etc) they are frauds. They require wire transfer payment and have a hotmail address..........BEWARE