NEW YORK (CBS NEWS) – Online shoppers this holiday season may be getting more than they bargained for: Alongside gadgets, clothes and stocking stuffers, many are picking up invasive computer viruses.
Malware infections spiked by almost 124 percent from Black Friday through Cyber Monday, according to data from Clearwater, Florida-based Enigma Software, which sells SpyHunter antimalware software. That’s on top of a doubling of infections during the same period last year. The cities with the biggest spikes were Charlotte, Detroit, New York and Salt Lake City.
Scammers are moving opportunistically to profit from a period during which consumers are particularly vulnerable: An influx of novice online shoppers starts scouring for deals, online shopping hits its annual peak and retailers aim to make it as easy as possible for customers to close the deal.
The scam artists deliver their malicious payload by tricking consumers into clicking links — many of them delivered via emails disguised as shipping notifications, special offers and spoofed messages in which a retailer purportedly gives you a chance to reverse a transaction you never actually made.
“Anytime there are more people who are online engaging in any activity, there’s a greater chance there are going to be more infections,” said Ryan Gerding, a spokesman for Enigma, which has 250 global employees. “There’s more people. There’s more traffic. There’s more opportunity.”
In 2016, the volume of cyberattacks spiked about 20 percent during the November to December period, correlating with the annual bump in online shopping, and attacks are on a similar pace for 2017, according to Carbon Black, a cybersecurity firm with 3,000 global customers. The culprits range from spoofed holiday greeting messages to online gift cards and bogus shipping notifications.
“We’ve seen a number of massive hacks and data breaches this year, and cybersecurity has never been more top of mind than it is today,” said Carbon Black CEO Patrick Morley, in an email to MoneyWatch. “Despite this notion, there’s still room for improved education and awareness for the general public around proper security hygiene. Black Friday and Cyber Monday bring great deals and convenience to online shoppers, but also provide hackers an opportunity to prey on unsuspecting consumers.”
Many of the potentially dangerous messages that are designed to spoof legit customer emails are flagged by authentication firms and intercepted in email spam folders. One such firm, ValiMail, which has clients including Yelp and Uber, reported a huge spike in “fraudulent email attempts” over the Thanksgiving weekend: up 38 percent on Thanksgiving Day, 23 percent on Black Friday and about 54 percent on the following Saturday.
Pretty much anyone can be a target — 89 percent of consumers are likely to purchase a gift online this holiday season, and 69 percent expect to do all or most of their shopping online (up from 54 percent last year), according to a survey by the computer-security powerhouse McAfee.
Of those surveyed, 18 percent said they believe it’s unnecessary to use security software. On the bright side, more consumers (53 percent, versus 46 percent last year) are taking precautions to secure their devices.