On the first day of Christmas, my hacker gave to me


Staff member
Mar 24, 2011
Summary: .. a GTA app that I thought was free.

By Charlie Osborne for Zero Day |November 13, 2013 -- 08:40 GMT (00:40 PST)


Online threats are part-and-parcel of life on the Web -- but the end of the year proves to be a lucrative time to give cybercriminals the gift of your bank details or personal data.

As the holiday season comes in to full swing, more consumers use online banking and retail sites to complete their Christmas shopping. However, consumers are often duped by a number of tactics employed by criminals to profit from a lack of security awareness.

A recent Trend Micro report suggests that mobile banking malware has rocketed this year, encompassing phishing campaigns, malicious applications and replica websites designed to steal your financial details. It is now not only Android users at risk, as Apple iOS phishing sites are also being created to lift personal and financial data from duped users.

Michelle Dennedy, vice president and chief privacy officer at McAfee commented:
"The potential for identity theft increases as consumers share personal information across multiple devices that are often under protected. Understanding criminals' mindsets and being aware of how they try to take advantage of consumers can help ensure that we use our devices the way they were intended – to enhance our lives, not jeopardize them."

So what are the main scams you should be aware of this holiday season -- and how can you prevent your bank account from being compromised? According to McAfee, the top scams employed in 2013 over the festive period, based on popular consumer habits, are:

1. Mobile apps lacking Christmas cheer:

Due to the explosion in popularity for mobile devices, cybercriminals are now the creators of legitimate-looking apps that feature holiday shopping deals, celebrity endorsements and time-sensitive offers. However, these often-free applications, once downloaded to your smartphone or tablet, may steal or modify your data. Malicious apps may intercept your communication, steal your banking data, and may forward you to premium services. In addition, an app may bypass authentication systems by asking for a code to be sent to your mobile device.

How to stay safe: Review applications before downloading. In particular, check out its star rating, and what others have said about the software.

2. Holiday Mobile SMS Scams:

When you choose to download apps or files from the web, FakeInstaller tricks Android users into thinking the download process is legitimate -- and may send SMS messages from your mobile to premium rate numbers without your consent.

How to stay safe: Double check the legitimacy of files and apps you are downloading.

3. The hottest gifts this season in scams:

As belts tighten, many of us look for holiday gift and travel deals online. However, malicious links to fake websites, phishing scams and phony contests on social media can all be gateways for cybercriminals to gain access to your personal data or download malware on to your devices.

How to stay safe: Purchasing from official retailers lessens the risk of being duped, and try to verify low prices that look too good to be true.

4. Seasonal Travel Scams:

Emailed and social media travel deal links and notifications -- whether through shared content, competitions or paid-for advertising can all be used to trick users into submitting their personal data. In addition, if PCs become infected with spyware or malware when visiting a malicious site, scammers can install keyloggers or convince you to complete a fake purchase.

How to stay safe: If something looks too good to be true, it probably is -- and you can save yourself heartache by following a few simple rules. If a website offer looks too good, then conduct a quick review on Google, such as "thiswebsite.com reviews" to find out if the service is legitimate, and don't forget to regularly perform anti-virus sweeps. If you conduct online purchases, two-step verification purposes may help you if you accidentally give away your details.

5. E-Seasons Greetings? Not quite:

Merry Christmas, here's your malware. Postcards and snail mail seasons greetings are giving way to e-cards as a way to wish your friends and family a Merry Christmas -- and so naturally, malicious apps and software are in on the consumer trend. Legitimate looking e-cards may cause unsuspecting users to download viruses after clicking a link or attachment in an email.

How to stay safe: Check gift cards that you receive for suspicious misspellings in your name, the company's, or in the subject title. If you're concerned, it's best to simply click the delete button.

6. Malicious online games -- Be careful of the kids:

A common problem, many malicious apps pretend to be popular games on smartphones and tablets. From Angry Birds to Grand Theft Auto, malicious apps can be found within the Android and iOS ecosystem -- so if you hand over your device to amuse children, be aware of the games' sources. Malware, in-app purchases and social media pages embedded in the apps can all threaten your device's security -- and any accounts linked to it.

How to stay safe: Talk to your children about how to spot and avoid potential scams, and only allow them to download apps under your supervision -- where you can check the rating and comments left about an application. Buying and downloading games from reputable sources will also help.

7. Waiting for gifts to arrive? Don't be fooled:

Fake shipping notifications can pretend to give you updates on product deliveries, but in reality, can be scams that carry malware and software designed to infect your PC and devices. Some may ask you to click on links and input bank or address details.

How to stay safe: If it looks suspicious, contact your bank directly via phone, secure website, or in-person, and never input any bank-based details. In addition, checking the domain name on shipping emails is usually a sure-fire way to check legitimacy.

8. Gift cards that are not always what they seem:

Gift cards are an easy option in the holiday season, but deceptive social media ads touting exclusive packages and deals can lead to fake purchases.

How to stay safe: Check the domain name and reputation of a seller before making any purchases.

9. Giving to charity, or a criminal's pocket?

Donating to charities is common this time of year, but cybercriminals capitalize on this -- and fake charity events and websites put donations straight into their pockets.

How to stay safe: Do background research on the charity you’d like to donate to, and do not give out personal information if you have the slightest suspicion things are not what they seem.

10. Are you the one?:

Romance scams are a constant threat to online users. Whether short or long term, users of dating sites are conned out of their hard-earned cash every day -- paying for an online person to deal with an emergency, or paying for them to visit. However, messages sent from a potential "love interest" can also include phishing scams, where the person accesses your personal information such as usernames, passwords, and credit card details.

How to stay safe: Log on to trustworthy dating sites, and no matter how nice the person seems to be, be extremely careful about giving out personal information -- and never give any money away.