Scam of the season

Every festive season brings with it increased activity in scams and phishing attempts. The last month of 2007 was no exception.

By Sathya Ashok, published January 16, 2008

Seasonal fraud is not really unknown. It is quite common for scamsters and criminals to get extra-active during the festive season and the close of a year. The general good mood among most consumers means that their guard is slightly down and they are more willing to trust e-mails and websites claiming to offer something of interest related to the season.


December was true to form that way.

Trend Micro warned internet users to be wary of online criminals bearing false festive cheer this season.

In recent years many people, especially those with families living abroad, have adopted the practice of sending seasonal messages using e-mail, replacing the traditional greetings card. This opens them up to a current fraudulent technique, which involves the creation of malicious websites, according to the security vendor.

These show up on popular search engines by using common seasonal phrases such as "Eid Mubarak" or "Christmas gift shopping". When shoppers obtain their search results, they can also acquire links to sites hosting various malware designed to steal a user's financial information as well as identity.

"Holidays are a soft opportunity for online criminals, who take advantage of the increased internet traffic," said Samir Kirouani, senior technical engineer, Trend Micro Middle East and Africa. "With a spike in the amount of websites and e-mails geared towards seasonal themes, there is scope for online browsers to confuse authentic sites with fraudulent ones," he added.

Trend Micro was not the only company tracking the extent of online scams near the end of the year. Security firm Fortinet also cautioned online shoppers to be wary in the festive season. The company also reported that the new trend in online scams was to manipulate search results to send unwary shoppers to bogus sites.

The scam, according to Fortinet, targeted popular search engines using search engine optimisation (SEO), a process which exploits the way search engines collect data and rank sites, in order to make the bogus sites appear as popular results for user searches.

Fortinet discovered a network of sites using terms related to Christmas shopping to try to misdirect online shoppers to sites that would attempt a ‘drive-by’ installation of malware, with a variable payload. The sites only attacked shoppers using Internet Explorer, redirecting users of other browsers, and could only be reached through a search referral rather than by direct access, in order to hamper security researchers.
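For defenders, the behaviour Fortinet describes means a single fetch of a suspect URL proves nothing: the request has to be repeated across browser and referrer combinations and the replies compared. The sketch below is an added example, not Fortinet's tooling; the header values, the example.com-style URLs and the `constructed_site` test double (including its 404 for direct visits) are assumptions made for illustration.

```python
import hashlib
from itertools import product

# Constructed header values for the probe matrix.
USER_AGENTS = {
    "ie": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
    "firefox": "Mozilla/5.0 (Windows; U; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11",
}
REFERERS = {"search": "http://www.google.com/search?q=christmas", "direct": None}

def probe(fetch, url):
    """Request url once per (browser, arrival) profile and fingerprint each reply.
    fetch(url, headers) -> (status, location, body) comes from the caller: an HTTP
    client inside an isolated analysis VM, or a test double."""
    results = {}
    for (ua_name, ua), (ref_name, ref) in product(USER_AGENTS.items(), REFERERS.items()):
        headers = {"User-Agent": ua}
        if ref:  # "direct" means no Referer header is sent at all
            headers["Referer"] = ref
        status, location, body = fetch(url, headers)
        digest = hashlib.sha256(body.encode()).hexdigest()[:16]
        results[(ua_name, ref_name)] = (status, location, digest)
    return results

def cloaking_report(results):
    """Group profiles that got identical replies; more than one group is cloaking."""
    groups = {}
    for profile, fingerprint in results.items():
        groups.setdefault(fingerprint, []).append(profile)
    return {
        "cloaked": len(groups) > 1,
        "varies_by_browser": any(
            results[("ie", r)] != results[("firefox", r)] for r in REFERERS),
        "varies_by_referer": any(
            results[(u, "search")] != results[(u, "direct")] for u in USER_AGENTS),
        "groups": sorted(sorted(g) for g in groups.values()),
    }

def constructed_site(url, headers):
    """Test double (constructed): replies the way the article says the sites did."""
    if "search" not in headers.get("Referer", ""):
        return 404, None, ""  # assumption: direct visits get an error page
    if "MSIE" not in headers["User-Agent"]:
        return 302, "http://shop.example/", ""  # placeholder redirect target
    return 200, None, "<html>landing page</html>"

if __name__ == "__main__":
    print(cloaking_report(probe(constructed_site, "http://suspect.example/")))
```

A site that answers all four profiles identically yields a single group and `cloaked: False`; any split is a reason to analyse the page further in a sandbox.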

Guillaume Lovet, threat response manager at Fortinet EMEA, commented: "Basically what these sites are doing is abusing the Google algorithm, through loading sites with lots of pages, all with keywords relating to Christmas, so when [a user] entered ‘Christmas’ into the search engine, these malicious sites would be in one of the very first positions.

"It is interesting in the sense that when Christmas approaches, or other occasions, we usually see scam e-mail trying to get people to click on fake sites, that are either selling bogus items or simply stealing credit card numbers," he added. "Usually what we advise is don't respond to unsolicited mail - now that advice is not as valid anymore, so it changes what threats people have to focus on."

Just goes to show there is never a good time to trust the internet without a second thought.
