Several e-commerce and e-mail analysts began warning Netizens on the eve of Thanksgiving that holiday shopping season this year could be especially treacherous in cyberspace, thanks to cyberscammers like phishers ramping up their scams as consumer spending in cyberspace is expected to jump 25 percent.
That's the call from global consumer behavior analysts comScore, which said more shopping each year's holiday season is done from the office, provoking fresh concerns about worker security and exposure to liability as well as fraud.
E-mail filtering firm SurfControl's Global Threat Command Team said November 24 that phishing attacks – faked e-mail and Web pages made to resemble legitimate businesses and looking to lure surfers into giving up personal financial information – have jumped 1,200 percent since January, 48 times as fast as growth in online spending.
"Phishing is pervasive and it's dangerous. And 'tis the season when people will be most vulnerable to such scams," said SurfControl vice president of global content Susan Larson. "Companies need to take steps to protect employees from such attacks. Phishers have become far more sophisticated in the past year, recruiting spammers, hackers, virus writers and Web design pros to build the perfect beast."
Larson said recent weeks have found suspected phishing moves becoming far more realistic and pervasive than when the scam style was first discovered a few years ago. Banks, financial services like PayPal, online auction sites like eBay, and even – and especially, in the past few months – Rolex watches, actual or copies, have been used to advance phishing attempts.
Internet privacy watchdogs TRUSTe say seven of 10 online have been phishing targets with 15 percent of those targeted estimated to have fallen for the scams.
Employers should set acceptable use policies for online shopping and put in place systems to filter suspicious e-mail, Larson said, adding that workers should be trained as well never to answer any unsolicited e-mail bid for personal information and even contact the company whose correspondence or pages have been seen in the e-mail as soon as possible.
"Exercise caution, common sense and control over personal data," Larson said.
SurfControl said their database's spam count indicates eight percent of the 200,000-plus digital spam fingerprints their Global Threat Command Team compiles involved phishiing e-mail.
One factor that often tripped up a phisher in the past was the fact that many messages contained too-obviously misspelled words or familiar names in subject lines and message texts. But SurfControl said that phishers now take better care in preparing their messages and Web pages, not to mention hiding behind common spammers, hackers, virus writers, and even unscrupulous Web designers.
Other current phishing attacks have included emails claiming to confirm eBay purchases through PayPal accounts and even one believed to send children greetings from Santa Claus in return for their sending home or e-mail addresses. There was also reported to have been one promising $200 gift cards from Macy's department stores, SurfControl said.
Larson thinks the latter especially indicates the presence of phishers who harvest live e-mail addresses for mass resale. "There is no Santa Claus coming to you this season on e-mail," she said.
