Holiday shopping scams give hackers access to your data

Christmas is just over two weeks away and according to the National Retail Federation, the average American shopper will make 44 percent of their purchases online this holiday season. With this in mind, cyberthieves are ready to target anyone with an email address, reports CBS News correspondent Jan Crawford.

They're called phishing scams, e-mails disguised to look like delivery notifications or confirmation e-mails. During the holidays, it's not unusual to get several legitimate e-mails a day, but security experts are warning shoppers about a slew of scam e-mails circulating this holiday season that can infect your computer and even steal your personal information.

How can holiday shoppers protect themselves from fraud?

"It's seasonal," Better Business Bureau president and CEO Claire Rosenzweig said. "Hackers will use the season to take advantage of you."

She said the high volume of online holiday shopping makes this time of year ideal for cybercriminals.

"Everybody's all excited. They're shopping, they're shipping and scammers love this because we're all trusting," Rosenzweig said.

Online orders are tracked by confirmations and delivery updates. Scammers posing as retailers, banks or even shipping companies send emails that look real with subject lines like "order confirmation," "status notification" or "package undeliverable."

"If you open these links or attachments there is a good chance you are putting malware or spyware onto your computer," Rosenzweig said. "It can sit there dormant and take your keystrokes months down the line so you may as well just open up all your personal information at that point."

Sometimes simply opening an e-mail is enough for hackers to access sensitive information such as passwords and bank account information.

Lindsey Turrentine, editor-in-chief of CNET.com, said these so-called phishing scams are evolving.

"The concept of phishing isn't new, and that's getting you to voluntarily share your information by posing as another party," Turrentine said. "But what's new is this approach called spear-phishing, which means getting even more specific and targeted to you."

Cybersecurity analysts like "Krebs on Security" have issued new alerts about spear-phishing scams, urging consumers to think before they click.

"Don't just fall for that impulse to click on the link," Turrentine said. "Take the extra moment and go to the source, find out the real phone number, the real URL and find out what is going on before you react."

If you get an e-mail you don't expect, take a moment to investigate it before opening the attachment or selecting the link. If the sender asks for any personal information without you first logging in, it's likely bogus. Open up another web browser and go to the actual company's website to check the message's validity.