Security technology company McAfee has released findings from the company’s 2012 Holiday Shopping study. The research investigates the online habits, behaviours, interests and lifestyles of global consumers who indicated that they will engage with Internet and mobile devices while shopping this holiday season. In light of these findings, McAfee also exposes the top 12 scams of Christmas that criminals plan to use to rip off Canadians as they shop online and on mobile devices for the holidays.
While Canadians have become accustomed to shopping online and many plan to do so over the coming months, they are also using their mobile phones for more of their everyday activities. As 58 per cent of those surveyed plan to shop online, a surprising 1 in 3 of them plan to use either a smartphone or a tablet, and while aware of the risks, most are willing to give away their personal information if they can get the value they want in return. In fact, despite that 83 per cent of Canadian smartphone and/or tablet owners surveyed are at least somewhat concerned that their personal information could be stolen while using an app on a smartphone or tablet, more than eight in 10 Canadians are willing to provide some level of personal information in order to receive an offer that is of value to them.
Among those Canadians planning on using smartphones or tablets to purchase gifts this holiday season, more than half are specifically planning to use apps for shopping and/or banking. As such, mobile devices have proved irresistible to cybercriminals, and now they are targeting mobile users through malicious applications. With 30 per cent of Canadian smartphone and tablet owners admitting they do not pay attention at all to app permissions, and 35 per cent paying attention only sometimes, cyber-scrooge criminals are ready to pounce.
“Every holiday season, cybercriminals get as excited as children on Christmas day,” said Brenda Moretto, Canadian Consumer Sales Manager at McAfee Canada. “They know that many consumers will be spending increased amounts of time online to shop, make travel plans, or connect with friends and family. They even know that many Internet users don’t have adequate security protection on their Internet-enabled machines and devices. If consumers aren’t diligent about surfing safely and protecting the personal and financial information online, they will make some criminals out there very happy.”
Tis the season for consumers to spend more time online shopping for gifts. Nearly 89 per cent of Canadians who plan on shopping online during the 2012 holiday season will use a personal computer to do so, and 31 per cent will use a smartphone (20 per cent) or a tablet (19 per cent). More than half of the Canadians who plan on shopping during the upcoming Boxing Day indicate they will be doing so online. In anticipation of cybercriminal activity designed to take advantage of the holiday spirits, here are the 12 Scams of Christmas, the dozen most dangerous online scams to watch out for, revealed today by McAfee.
- Social Media Scams – Many consumers use social media sites to connect with family, friends and coworkers over the holidays, and cybercriminals use these channels to catch users off guard. Here are some ways that criminals will use these avenues to obtain shopper s gift money, identity or other personal information:
- Scammers use channels like Facebook and Twitter in the same way they use email and websites to scam consumers during the holidays. Be careful when clicking on or liking posts while taking advantage of contests, ads and special deals that you get from your friends that advertise the hottest holiday gifts, exclusive discounts at local stores and holiday-related job postings. Be on the lookout for your friends’ accounts being hacked and sending out fake alerts to all their connections.
- Twitter ads and special discounts for popular gifts are especially huge around Boxing Day, and they utilize blind, shortened links that may be malicious. Criminals are getting savvier with authentic-looking social ads and deals that take consumers to legitimate-looking websites. In order to take advantage of the deals or contests, they ask users for personal information including their credit card number, email address, phone number and home address.
- Malicious Mobile Apps – Earlier this year, both Apple and Google announced that they had each garnered more than 25 billion downloads from their app stores. But as the popularity of mobile applications has grown, so has the chance that users could download a malicious application designed to steal their information or even send out premium-rate text messages from their phones without their knowledge.
- Travel Scams – Before shoppers make holiday travel plans to visit family and friends, they need to keep in mind that scammers want to hook them with too-good-to-be-true deals. Phony travel webpages with beautiful pictures and rock-bottom prices are used to entice users to hand over their financial details.
- Holiday Spam/Phishing – Many of the spam emails that shoppers are used to seeing will take on holiday themes. Cheap designer watches and pharmaceuticals may be advertised as the perfect gift for that special someone.
- iPhone 5, iPad and Other Hot Holiday Gift Scams – The excitement and buzz surrounding Apple’s new iPhone 5 and iPad Mini create the perfect environment for cybercrooks to plot and carry out their scams. They mention must-have holiday gifts in dangerous links, phony contests and phishing emails to grab readers attention and entice them to reveal personal information or click on a dangerous link that could download malware onto their machines.
- Skype Message Scare – People around the world will use Skype to connect with loved ones this holiday season, but they need to be aware of a new Skype message scam that attempts to infect their machines and even hold their files for ransom.
- Bogus Gift Cards – Another tactic used by cybercriminals is to offer bogus gift cards online. Shoppers need to be wary of purchasing from third parties to avoid the risk being scammed.
- Holiday SMiShing – SMiShing is phishing via text message. Just like with email phishing, scammers pretend to represent legitimate organizations in order to lure shoppers into revealing information or performing an action they normally wouldn’t do.
- Phony E-tailers – Phony e-commerce sites that appear real try to lure users into typing in their credit card number and other personal details, often by promoting great deals. But after giving this information, shoppers never receive the merchandise and their personal information is put at risk.
- Fake Charities – This is one of the biggest scams of every holiday season. As holiday revelers open up their hearts and wallets, the criminals hope to take advantage of their generosity by sending spam emails advertising fake charities.
- Dangerous e-Cards – E-cards are a popular way to send a quick thank you or holiday greeting, but some are malicious and may contain spyware or viruses that download onto users’ computers once they click on the link to view the greeting.
- Phony Classifieds – Online classified sites may be a great place to look for holiday gifts and part-time jobs, but beware of phony offers that ask for too much personal information or ask for funds to be wired via Western Union, since these are most likely scams.
According to a recent Leger Marketing online survey of 1,500 Canadians aged 18 years or older commissioned by McAfee Canada in April 2012, an overwhelming 83 per cent of Canadians have at least some concerns with surfing the Web. In the course of a year, the number of Canadians who believe they are protected from threats such as increased activity in the number of domains, IP addresses and URLs with malicious reputations has dropped significantly from 22 per cent to 10 per cent. Furthermore, according to a McAfee-commissioned global study from September 2011, Canadian consumers place an average value of $48,000 on the digital assets they own across multiple digital devices, yet more than one-third of Internet users worldwide don t have security on all of their Internet-enabled devices.
“Using multiple devices provides the bad guys with more ways to access your valuable Digital Assets such as personal information and files, especially if the devices are under-protected,” said Paula Greve, director at McAfee Labs. “One of the best ways for consumers to protect themselves is to learn about the criminals tricks so they can avoid them. Beyond that, they should have the latest updates of the applications on their devices in order to enjoy a safe online buying or other experience. We don’t want consumers to be haunted by the scams of holidays past, present and future – they can’t afford to leave the door open to cyber-grinches during the busy holiday season.”
McAfee Canada maintains a website called “The State of Consumer and Enterprise Security in Canada” in order to provide a one-stop shop for writers looking for information on a variety of trends and issues affecting and shaping the Canadian security landscape. Feel free to check out the McAfee Canada resource site for security information, statistics, story ideas, and access to published McAfee surveys and studies
Survey Methodology – This survey was conducted online within Canada by Harris Interactive on behalf of McAfee from September 25 – October 3, 2012 among 1,019 adults ages 18 and older. This online survey is not based on a probability sample and therefore no estimate of theoretical sampling error can be calculated. For complete survey methodology, including weighting variables, please contact Matt Clark with DKC News at 212-981-5158 or matt_clark-at-dkcnews-dot-com. This online survey of 1,500 Canadians, 18 years of age or older, was completed over the period April 16-19, 2012 by Leger Marketing. A probability sample of the same size would yield a margin of error of +/- 2.5 per cent, 19 times out of 20.