Online shopping scams could become a major security threat in the weeks leading up to Christmas as consumers eagerly type in credit card numbers, click on discount coupons and participate in online promotions, security experts worry.
Instead of moneysaving deals, e-mailed coupons could lead recipients into "phishing" schemes where the consumer is redirected to a copycat site, whose real purpose is to siphon the user's credit card information, passwords and other financial data, IBM Corp. security executive Christopher Rouland warned.
"That 50-percent-off, one-use coupon could go to a compromised computer in Kazakhstan," said Rouland, chief technology officer for Internet security systems at Big Blue, which controls more than 1 million "phish trap" e-mail addresses that discovered 867,000 scams in the third quarter. "The quality of malware is very high."
IBM is urging online shoppers not to click on links within e-mails that appear to come from an online retailer. Instead, open a new Web browser, go to the retailer's site, navigate to special coupons or promotions and see if it's there.
Brian Trombley, a product manager for computer security firm McAfee Inc., said holiday phishing scams are shaping up to be an "extraordinary problem" this season.
No single giant retailer has been a particular target of holiday attacks; eBay Inc.'s PayPal unit is still an overwhelming target of scammers.
"The scammers are getting more and more sophisticated," Trombley said. "They're using better English, they're getting better at copying real sites and making their site look like the real thing."