Thieves roll out scams for Cyber Monday

Nearly half of adults will take to the Internet on Monday to spend $2.6 billion — and cyber thieves will follow.

Online retailers offer deep discounts on the Cyber Monday after Thanksgiving to take advantage of the uptick in holiday shopping.


The one-day surge in online buying presents an ideal opportunity for cyber crooks seeking to pilfer credit card data. Hackers often disguise themselves as well-known companies in emails, tweets, ads and on social media sites, hoping to lure customers into clicking links to fake pages asking for credit card info. The tactic is commonly known as phishing.

A survey released Monday revealed 40 percent of people believe links from "trusted brands" — Wal-Mart, Gap, Target, eBay, Amazon — are safe.

“The No. 1 reason to click is trust in a brand, which isn't good — I have seen some very convincing phishing emails and bogus websites that look nearly identical to the real thing,” said Dwayne Melancon, chief technology officer at security research firm Tripwire, which backed the survey.

Hackers are exploiting this trust.

“Savvy attackers know that malicious links are effective, that’s one reason phishing attacks are so pervasive around the holidays,” said Ken Westin, a security analyst at Tripwire.

A recent Google study found the most deceptive of these phishing schemes got people to click “a whopping 45% of the time.”

The White House on Monday tried to warn online deal-hunters of the dangers awaiting them.

“Along with increased convenience, shopping online also brings with it the potential for increased risks of theft, fraud and abuse,” said Michael Daniel, the White House cybersecurity coordinator who often goes by the title “cyber czar.”

In a blog post, Daniel encouraged shoppers to directly enter Web addresses when shopping or to find the trusted link through a search engine.

“It is so easy to click a legitimate looking link, but end up compromising your security,” he said.

Duped Cyber Monday shoppers also put their companies at risk.

According to Internet analytics firm ComScore, nearly half of all 2013 Cyber Monday purchases were made from office computers.

“Employees need to be aware that anytime their computer is on their corporate network, even if they logged in through a [private Wi-Fi connection], they can put their organization at risk by simply visiting the wrong website or clicking the wrong link in an email,” said TripWire’s Westin in a blog post.

The White House is planning a summit on cybersecurity and consumer protection for early next year, Daniel said.

President Obama initially said the summit would take place in late 2014 as part of the White House’s recent executive actions to curb data breaches and fight identity theft.