McAfee Warns on Holiday Shopping Scams

UPDATED: Security vendor McAfee is aiming to educate consumers on safe online shopping practices this holiday season.

With online sales projected to reach $33 billion this year and consumers wanting to avoid the madness of the malls, the Web is an increasingly popular alternative. But it could prove dangerous for the unprepared, the group warns.

To help, McAfee is teaming with the Federal Bureau of Investigation to promote safe online shopping practices during the holidays. Together, they plan to host a Webinar tomorrow on the company’s Web site. The seminar, scheduled for 11 a.m. EST, will also be available to view for some time after the event as well.

During the presentation, an FBI special agent is expected to discuss the latest trends in cybercrime, how to protect oneself from the most common of online scams and must-have tools for prevention.

“This is a case of consumers needing to be reminded about some of the basics before they let the fingers do the walking, that they have to practice some common sense safety precautions,” McAfee Research Analyst Shane Keats told

Many of the tricks still bedeviling online shoppers are old ones, like phishing sites masquerading as a legitimate bank site.

Yet Keats also noted there is a new trend toward charity-related phishing sites. While the majority of phishing sites remain financial or retail in nature, there is a growing number of sites claiming to give to charity.

“People give to charity mostly at the end of the year, so you should expect to see some of that,” he warned.

While the FBI can lecture on its latest security methods, the biggest vulnerability consumers face is not from a hacker intercepting their credit card information at Amazon or Overstock. Instead, it may be from a key logger that had been surreptitiously installed on their computer because they opened an e-card or some other attachment from an unknown source.

“The major online e-commerce vendors do a wonderful job of protecting your financial information,” Keats said. “The problem is that consumers are putting themselves at risk before they get to the e-commerce vendor by opening that e-card, by downloading a screensaver from an unknown Web site, by going to a hacked Web site that installs some ‘drive-by’ code.”

That kind of prevention requires the suite approach, since just an antivirus program is not enough any more. In other words, this also means anti-spyware software, a firewall and the latest trend in security, a browser plug-in that checks links as you surf or go through search engine results.

McAfee has SiteAdvisor, Finjan offers SecureBrowsing and Exploit Prevention Labs has LinkScanner, to name just three of these last types of solutions.* Unlike most antivirus software, they also are free. All will warn a Web user if the site they are visiting is known to host malicious code or if they detect something suspicious on the site.

Another trick to learn before purchasing, according to Keats: “Learn the wisdom of the crowds.” Namely, research a smaller e-commerce site before making a purchase to learn what others have said about the site, he said.

*Corrects company names from prior version of this story.

News Around the Web