CBI Warns on Malvertising Scams Targeting Shoppers this Christmas

The Colorado Bureau of Investigation is warning shoppers and web users to watch out for malicious advertising scams targeting users’ banking information during this Christmas holiday.

Christmas is finally here, a time of the year when everybody is chasing or being chased by a hot deal. We’re all looking forward to making a killing, either by buying at ridiculously low prices or by making astronomical sales if we are on the other end of the Christmas equation.

Well, amid the fanfare and impulse buying that comes with Christmas, there come the online fraudsters, who are also very active during holidays. They are quietly sitting in a dark corner of a point-of-sale (POS) terminal or on the public Wi-Fi of your favorite shopping mall, ready to pounce on your banking information and swipe your account clean.

The losses, both financial and emotional, resulting from online scams each year are immeasurable, yet shoppers keep falling into phishing traps year in, year out. In the last few weeks, the FBI and US-CERT have been beating the drums, warning users against an increasing number of holiday scams, possibly to save a few from being devoured financially this holiday. Now, the Colorado Bureau of Investigation (CBI) is the latest agency to warn shoppers and web surfers about malicious advertising scams (malvertising) designed to steal their banking information.

Malvertising is not a new cyber threat; it is a decade-old hackers’ tool that pays off handsomely. It all starts with a marketing ad or a promotion coupon that promises huge discounts on “limited stock”, something like 85% discounts. Clicking on the ad, downloading the coupon or hovering over the ad automatically downloads data-stealing malware onto your computer system. The attacker remotely controls the malware to collect saved passwords and usernames and, hopefully, get your banking details such as credit card numbers and PIN.

Malvertising scams are popular during holidays, when many shoppers are searching for favorable prices. The US Computer Emergency Readiness Team (US-CERT) advises internet users “to remain vigilant when browsing online this holiday season.” The agency warned users against unrealistic marketing ads, shipping advertisements, e-gifts and shipping notifications that may contain malicious links.

Unlike typical hackers who use brute force to break into computer systems, phishing masters employ soft social engineering skills to lure users into giving out their usernames and passwords. The most common scams employ bogus emails allegedly sent from a service provider such as your bank, indicating a problem with your account.

“In this scam, you are directed to follow a link or call the number provided in the message to update your account or correct the problem,” says the FBI, adding that clicking on the link will direct the user to a spoofed website designed to steal their username and password.

Identifying a phishing scam is easy; it only requires one to be a little bit keener and pay attention to fine details while traversing the World Wide Web. In the case of malvertising, the greatest weapon is our rational judgment. Always think twice before clicking on unrealistic discounts on limited stock from unknown vendors.

In the case of email scams, anti-spam software would go a long way in helping you steer away from phishing masters and their antics. Anti-spam software marks all phishing emails as spam and tucks them away in a spam folder, ensuring they never get into your inbox. So unless you access the spam folder, you will never get to click on malicious phishing links.

Notably, Bitdefender ranks PayPal, eBay, Yahoo, Facebook and LinkedIn as the brands most abused by online scammers, with a majority of phishing attacks launched through these social media platforms. Usually, scammers take advantage of a popular event or software release from the company to catch the attention of service subscribers.

As a rule of thumb, always be suspicious about emails from your bank, online payment provider or other service providers such as Gmail, Yahoo or Hotmail. Such emails should be taken with a pinch of salt and, if possible, call the service provider to verify the source of the email. More often than not, your bank will never ask you to update your details over the internet.

Ali Qamar is a seasoned blogger and loves keeping a keen eye on the future of tech. He is a geek. He is a privacy enthusiast and advocate. He is crazy (and competent) about internet security, digital finance, and technology. Ali is the founder of PrivacySavvy and an aspiring entrepreneur.