In the run up to the holidays, gifts, decorations and vacation packages are just a few of the most searched-for items on the Internet.
Unfortunately, cybercriminals know this too and are hard at work cheating innocent users out of their hard-earned money by poisoning search results for these popular festive subjects – and at a time when many forego their usual online safety practices.
Trend Micro recently discovered a scam spreading via Twitter that used gift vouchers as bait. The scam spreads through the help of users who have got into the habit of re-tweeting messages.
The tweet features a shortened URL and a message that promises a free gift voucher from various online shops, snaring users interested in the best festive deals. The URL leads to a website that entices users to complete surveys and refer friends to earn points. However, the survey site is not related to any of the legitimate sites that are mentioned on their page.
On examination of the website, Trend Micro noticed that the domain was registered in late October, which indicates that the site may have been set up to take advantage of the upcoming holidays. Twitter has suspended the main account that had been spreading the tweets, but users should show caution and be on the lookout for similar scams this festive season.
While this threat may seem easily avoidable, users are required to click on the re-Tweeted link as well as complete surveys.
“The fact that this threat is being spread through a social networking site and being hidden by a shortened link makes it appears harmless, and even legitimate. One has to be extra vigilant while surfing the net at this time of the year. Cybercriminals go to great lengths to make scams appear legitimate from genuine websites,” commented Chris Moore, General Manager, Middle East, Africa & Med’, Trend Micro.
“One click is all it takes to get your machine infected with malicious software. To avoid falling victim to scams users must avoid clicking suspicious-looking links even if they are tweeted or re-tweeted by trusted contacts. Investing in a solid security suite that is capable of blocking malicious websites before they can harm you or your system is also a sound decision in making sure that you and your family stay protected,” added Moore
Cybercriminals adjust search engine results that lead traffic to malicious websites. By using blackhat search engine optimization (SEO) techniques, cybercriminals ensure that the malicious sites appear to be the most relevant and therefore the most attractive link to users.
Trend Micro’s dos and don’ts for the festive season:
They say that Christmas is the season to be merry, but it is also a time to be most wary. Users should be extra vigilant at this time of year. Here are some best practices to follow:
- Directly type the URL of the online e-commerce site that you want to do your shopping on, instead of searching for it in search engines. This eliminates the risk of falling prey to poisoned searches.
- Do not click suspicious-looking URLs even if they appear as top search engine results. A clue that a URL may be malicious is if any or some of its components are made up of a string of random characters.
- Read the overview of the search result. The search result can also be considered suspicious if the overview does not provide a sensible brief description of the site itself. If it consists of randomly-stuffed keywords, then you can consider that page tampered with.
- Install a good URL-filtering program that can be integrated into browsers. Trend Micro’s Web Protection Add-On is one of these.
- Keep in mind that the best things in life are hardly ever free and if an offer sounds too good to be true, it probably is!
Thursday, December 16- 2010 @ 10:56 UAE local time (GMT+4) Replication or redistribution in whole or in part is expressly prohibited without the prior written consent of Mediaquest FZ LLC.