It's the Monday after Thanksgiving and you're sitting at your work computer suffering from food coma.Too bloated to get any real work done, you decide to do something that doesn't occupy too much of the brain--online Christmas shopping.There's more at stake here than the cost of shipping and handling, though. First off, your boss probably doesn't want you to be surfing Amazon when you have spreadsheets to complete. Secondly, you could be opening up the corporate network to malicious hackers during what is known to be a particularly risky period.
Scammers are ready for unsuspecting online shoppers to be hunting for holiday bargains that hit on what has become known as Cyber Monday (given that more than 40 percent of you will be buying holiday gifts online, according to this survey). There will no doubt be malware hiding on retail sites, fake sites created just for distributing viruses and Trojans, and e-mails with malware-laden attachments and links leading to nastiness.
Social networking site Facebook is reportedly brewing malware day in and out. Security firm BitDefender reported that one out of the five items in Facebook news feed leads to malicious content. Now that's not surprising since loads of new users are joining Facebook and sharing as well as re-sharing the content posted in the news feed. These statistics come from the users of BitDefender's SafeGo application on Facebook that scans the user account to check for any potential malware spreading links.BitDefender has analyzed 14,000 Facebook users who downloaded its SafeGo application. According to the statistics, about 60 percent attacks on users Facebook profile or system come from the notifications that are sent out using malicious third-party applications. These malicious malware applications comprise of:
22 percent of these nefarious app claim to offer you details of those who've viewed your profile
15.4 percent Promises bonus items in other popular games like FarmVille, Frontier Ville
11.2 percent offer non-facebook features like Dislike button
7.1 claimed to connect you to Social Network Versions of Super Mario
Websense's Defensio tool free for home users suggested that about 40 percent of all the status messages contain a URL and out of those 10 percent are spam or lead to malicious content.Truly, Facebook users share links that lead to contests, survey, polls, apps and other suspicious destinations. Of course, the social network promises optimum security of content but you can't do much with links, especially when millions of users are logged in.
The systems we've built have helped us stay one step ahead of our attackers, so that as we've more than doubled in size over the last year, the actual effect of the attacks on Facebook users hasn't changed. In fact, the tools and systems we've built combined with concerted campaigns to arm users with the information to make smarter and safer decisions online have limited the number of Facebook users impacted by security issues to less than 1 percent, and that's since the founding of the site (more than six years ago).Users must remember that posting/sharing links through News Feed should be more of a conscious act and not a leisure time activity.
The malware can easily spread to other computers in the company and leave back doors that can be used later for nefarious purposes, putting corporate data at risk.Unless a company forbids Web surfing on company time and uses software to monitor and enforce the policy, there is little recourse once workers start browsing. IT departments should do what they can to protect the networks before then, by using the most up-to-date spam filters and anti-malware software and adjusting the enterprise Internet settings to alert users when a program attempts to download something.
Communication is key, too. Corporate IT personnel should consider sending an alert to remind employees of the dangers and to report suspected malware downloads, advises Adam Chernichaw, a privacy expert and partner at the law firm White & Case. Also, they should tell employees to not click "Agree" or "OK" to close a window, but to click the red "X" in the upper corner or press "ALT + F4" instead.
Employees should practice safe browsing. CNET contributor Lance Whitney wrote about some general tips for Web surfers from Webroot, including typing URLs in directly instead of following links and keeping a close eye on PayPal and other payment accounts.
Be careful of electronic greeting cards, because they are an easy way to trick people into downloading malware. Verify that the merchant or site a greeting card is sent from is legitimate, warns the United States Computer Emergency Readiness Team, an arm of the Department of Homeland Security. If you get an e-card from someone you don't know, be suspicious. You can always ask friends in an e-mail to confirm that he or she sent you something.If you are buying gift cards online, only shop at reputable retailers and not through online auction sites, says the National Retail Federation. Gift cards sold through online auction sites may be counterfeit or stolen and once you buy it it's yours. The group has more online shopping tips on its Web site.
And for people wanting to donate to charity, the U.S. Federal Trade Commission has a charity checklist with tips such as asking groups seeking donations for more information about who is behind the operation, being wary of charities that spring up overnight in response to disasters, and not sending cash or donations.
Web searches can be dangerous any time of year as scammers use search engine optimization tactics to lure people to their sites. But holiday shopping online presents an attractive pool of potential victims. Be extra cautious when doing searches related to "holiday sale" and "Christmas specials" during this time of year. F-Secure has compiled a Holiday 2010 Cyber-Watch List of popular search terms that are expected to be used by scammers to poison search results, which features "Kinect for Xbox" and "Call of Duty: Black Ops" at the top.
Disclaimer: All information on this news has been compiled from their respective official websites or through public domain sites and leading newspapers. Although, we have taken reasonable efforts to provide you with accurate information, but we assumes no responsibility for the accuracy (or inaccuracy) of the Information and would advise you to verify it from the official product provider. We cannot guarantee that the information on this page is 100% correct. If you would like to advertise on our site please contact us
