Cyber Monday kicks off a busy online shopping season. In fact, 80 percent of annual online sales occur during the four weeks between Black Friday and the weekend before Christmas, according to Veracode, an online security company.
And while steals and deals await many, so do scams targeting these online shoppers.
So what scams should you be aware of for Cyber Monday and the holiday season?
On "The Early Show," Jennifer Jolly, tech lifestyle editor at Tecca.com, a technology review website, shared some of the top scams shown below.
1. Malicious Mobile Malware:
A recent National Retail Federation (NRF) survey found that 52.6 percent of U.S. consumers who own a smartphone said they will be using their device for holiday-shopping related activities, whether it's to research products, redeem coupons, or purchase holiday gifts. Malware targeted at mobile devices is on the rise, and Android smartphones are the most at-risk. Security software company McAfee cites a 76 percent increase in malware targeted at Android devices - making it the most targeted smartphone platform.
Jolly advised consumers to be aware of suspicious quick response (QR) codes.
Jolly said, "It is so scary. So many of you using our mobile phones to look up coupons...and buy things at the checkout stand. So, of course, cybercriminals go right to what we are using and that is mobile phones. So these QR, those quick response codes, you scan them and they can take right you to a website or a coupon or to a magazine article - or right to the laps of the cyber-criminals."
Jolly advised smart phone and tablet users to think of their devices like they do their computers. She said, "Most people don't think twice about getting (protection) on their computer these days. Get it on your smart phone or tablet as well. Also, only download apps from official app stores, from iTunes or from the Android app store. Download an app to preview the QR code first. I use an app called RedLaser and that will at least let you check out what that URL is, what that web address is.
"If it's .exe, don't go to it."
2. Fake Facebook/Twitter Promotions:
Social media sites are great places for companies large and small to create targeted promotions. But unfortunately, they are also great places for scammers to post phony promotions aimed at grabbing your information and money, Jolly said.
She explained the posts appear to be from friends, but are actually spam messages distributed through malicious code. Once you click on the link and arrive at the scam page, you are asked to "share" the promotion by clicking on a "like" button that automatically posts to your wall with the scam. You are then offered a choice of surveys that ask for your personal information. Your information is subsequently passed along to spam lists.
So how can you tell a legitimate social media promotion from a fake one? Here are some tips to help you identify these promotional scams:
1. Don't give any private information
2. Use a direct link to company page
3. Visit retailers' websites directly if possible (e.g., www.amazon.com vs searching "Amazon" on Google)
Jolly shared a copy of a Cheesecake Factory scam that she said made the rounds online and duped millions of people.
"This one is no fault of the stores or the Cheesecake Factory," she said. "One of the red flags with that one is saying, download this app. [Also]. it's against Facebook policy to make you like something to get something, that tit for tat. 'Share this with your friends and we will give you this in return.'"
"If it looks too good to be true, it is," she added. "You're not going to win an iPad right now. You're not going to win two free plane tickets. Don't share your private information, no matter what. Use the direct link to the company site. So if it takes you off to this other weird site, don't go to the dark alleys of the Internet."
Jolly said people should also be suspicious of any promotions that make you do a lot of work, such as fill out surveys, and third-party offers for little in return.
Additionally, uncharacteristic posts or messages from people you know (doesn't sound like their voice/wording), should also be suspect, Jolly said.
3. Fake Bank/Shipping Alerts:
Be leery of e-mails or text messages you receive indicating a problem or question regarding your financial accounts. If you are requested to act quickly or there is an emergency, it may be a scam. Fraudsters create a sense of urgency to get you to act impulsively. In this kind of scam, you are directed to follow a link or call the number provided in the message to update your account or correct the problem. The link actually directs the individual to a fraudulent Web site or message that appears legitimate; however, any personal information you provide, such as account number and personal identification number (PIN), will be stolen. This can be from a bank - there's a fake one from UPS going around. It could even be from a hotel you recently stayed in saying there's a problem with your bill.
So what should you do?
Jolly said you shouldn't click links, call a number or give any information out. You should instead call your bank directly.
4. "It" Gift/Coupon Scams:
Every year there are hot holiday gifts, such as toys and gadgets that sell out early in the season. When a gift is hot, not only do sellers mark up the price, but scammers will also start advertising these gifts on rogue websites and social networks, even if they don't have them. Consumers could wind up paying for an item and giving away credit card details only to receive nothing in return. Once the scammers have the personal financial details, there is little recourse.
An estimated 63 percent of shoppers search for online coupons or deals when they purchase something on the Internet, and recent NRF data shows that consumers are also using their smartphones (17.3 percent) and tablets (21.5 percent) to redeem those coupons. But watch out, because the scammers know that by offering an irresistible online coupon, they can get people to hand over some of their personal information.
One popular scam is to lure consumers with the hope of winning a "free" iPad. Consumers click on a "phishing" site, which can result in email spam and possibly dealing with identify theft.
So what should you do?
Jolly recommended using internet security software that features browsing protection. Additionally, she suggested users always check a site's URL before making any purchase (look to make sure you're at the correct online store and that the page URL begins with https://, which usually means it's secure).
Jolly said, according to cyber security firm F-Secure, these items will be the most targeted gifts this year:
- Apple iPhone 4S
- "Harry Potter and the Deathly Hallows, Part 2" DVD
- "Angry Birds: Knock on Wood Game"
- Steve Jobs biography
- Fijit Friends Willa Interactive Toy
- Michael Buble "Christmas" album
- Apple iPad 2
- Kindle Fire tablet
- Silver "Heart" pendants
- "Call of Duty: Modern Warfare 3"