Shopping online for a New Year gift? Or clicking on that New Year e-greeting link? Be careful this time around as cyber criminals armed with a new set of web threats, including viruses, spam and cyber-scams, would be on the prowl to trap gullible internet users.
Hackers use their best schemes during holidays to steal people's money, credit card or net-banking information.
Following seasonal trends, these thieves create holiday-related websites and other convincing emails that can trick even the most cautious internet users, say experts.
"Spam and phishing attacks usually see a surge during this time of the year as an increasing number of people use the internet to shop, send e-cards, greetings or even simply surf.
Cyber criminals take advantage of increased traffic online to send spam and manipulate search engines in order to draw victims to their websites," Roger Thompson, chief research officer of security software maker AVG Technologies told PTI.
In the run-up to New Year, shoppers often fail to check the authenticity of websites which claim to offer gifts at throwaway prices before simply vanishing a few weeks later, he says.
According to a recent report by online market research company Juxtconsult, the burgeoning online landscape has a population of 49 million internet users in India; out of which 44 million use emails and close to 25 million browse the internet every day.
With the advent of holiday season, the density of online shopping and internet usage goes up manifold and so does online security threats, a spokesman for software manufacturing giant Microsoft says.
"Before a consumer enters his credit card number, he should make sure that the company website requires only personal information like card number, address and telephone number to complete the purchase.
"They should be wary if the site asks for other information such as bank account numbers, or their mother's maiden name, etc," he advises.
Observing that most of the web-threats are carried out through emails, Rakshit Tandon, a cyber security consultant with Internet & Mobile Association of India, warns about fake New Year e-greeting cards.
"When you load that e-card, a malicious code enters your computer compromising your security. They might hijack your computer and install a key-logger into it, through which whatever you type into your computer would be seen by the attacker. So you lose all your privacy and even passwords," he says.
On any given day, AVG estimates that around 8 to 14 million unique users worldwide are exposed to social engineering scams.
"More troubling is the speed with which these threats take place. Our research shows that an average of 60 percent of poisoned websites disappears in less than 24 hours," Thompson says.
"Users cannot assume that the pages they know and visit every day are safe from threats to their personal and financial well-being. Increasingly, it is legitimate web sites, compromised by criminals that pose threats," he observes.
Charity-phishing scams in which hackers dupe unsuspecting citizens by taking advantage of their generosity during festive season is also a major threat.
"Charity-phishing scams will be bigger this time. Hackers send e-mails that appears to be from legitimate charitable organisations. They also create fake web pages and the poor user ends up giving them his credit card information or net-banking password," Tandon, who also works with the cyber complaint redressal cell of Uttar Pradesh Police, says.
Hackers are also sending out fake mails saying that the person's bank is doing a security upgrade during New Year and request him to update his personal information through a false web link.
"And as soon as the user clicks, a fake page of the bank appears on the computer, which looks exactly the original one," he says while cautioning people to be sceptical about messages like 'this New Year you have won a five-million dollar online lottery' or a free shopping voucher.
Many netizens have already started getting counterfeit mails from popular brands like Hallmark, Coca-Cola and McDonald's.
"Big brands are also being abused by hackers. They send mails saying the company is giving them free coupons or gift vouchers. Many naive users fail to recognise that they are actually coming from hackers," he says, adding that online banking is also an area of concern.
Social networking websites like Facebook, Orkut and Twitter would also be on the radar of cyber criminals.
"As attacks have shifted to moneymaking criminal activities, there is more incentive for perpetrators to establish complex, clever, and highly undetectable methods for distributing malware and poisoning web pages," the AVG official says.
The best way to keep safe is to firstly develop a healthy dose of scepticism, and then to back that up with a security software that includes a dedicated web-scanning layer and behaviour-blocking technology, he advises.
