Published: December 17, 2008 01:50 pm      

Avoid cyber space shopping pitfalls this holiday season

By Cristin Ross

cross@jacksonvilleprogress.com

No crowds, no lines, no traffic — shopping via the Internet can take some of the hassle out of the holidays, but officials are reminding consumers to keep their guard up even in cyberspace.

The Jacksonville Police Department and the Better Business Bureau warn against three popular e-mail phishing scams this holiday season.

“Remember, if it sounds too good to be true, it probably is,” said Detective Tonya Sonntag, JPD Crime Prevention officer. “Some are legitimate, but most aren’t — it’s hard to tell sometimes. When in doubt, check it out.”

The BBB reports hackers and scammers are impersonating customer service personnel from some of the biggest names in business — including FedEx, UPS, and Wal-Mart.

“Hackers are impersonating well-known companies that do a lot of business this time of year in order to quickly earn recipients’ trust and gain access to computer drives, files and accounts to steal personal information such as Social Security, bank or credit card numbers,” the Tyler-area BBB Web site states. 

The BBB reports the three most popular phishing e-mails that have been spotted this year:



Shipping

Hackers pretend to be from shipping companies claiming that there is a problem with delivery of merchandise. Commonly, the e-mail will include a hyperlink for recipients to click that will take them to another Web site that might install malware, software designed to infiltrate or damage a computer system without the owner's informed consent, or solicit personal information. A message currently making the rounds has a subject line that looks like, “Subject: Tracking Number 13040065504.” The body of the message claims that a package couldn’t be delivered and advises the recipient, “To take your package back you should print the copy of invoice that is in the added file.” Of course, the attachment is actually a virus that will infect the computer if opened.

“FedEx does not request, via unsolicited mail or e-mail, payment or personal information in return for goods in transit or in FedEx custody,” states the shipping company’s Web site in a release addressing the phishing matter. “If you have received a fraudulent e-mail that claims to be from FedEx, you can report it by forwarding it to abuse@fedex.com.

“The Internet is an important channel connecting FedEx to its customers. While there is no foolproof method to prevent the unauthorized use of the FedEx name, we continuously watch for such activity in order to help safeguard our customers’ interests.”

The UPS has also posted information on potential phishing scams using their logo on the company’s Web site.

“UPS may send official notification messages on occasion, but they rarely include attachments,” the site states. “If you receive a fraudulent or suspicious e-mail that claims to be from UPS, do not respond or select any links associated with the e-mail. Please report the activity by forwarding the e-mail to fraud@ups.com and delete the original.”

BBB ADVICE: Instead of clicking on the link in the e-mail, go directly to the shipper’s Web site or contact the company via phone in order to confirm whether there is a shipping problem with your package. Do not open attachments to unsolicited e-mails.



Surveys offering holiday spending cash

In an effort to take advantage of cash-strapped holiday shoppers, phishing e-mails are circulating pretending to be from retailers such as Wal-Mart, McDonald’s and L.L. Bean. One e-mail has a subject line that reads, “Online Survey from Wal-Mart Stores!!!”

The body of the message states, “This survey has been sent only to a few people from our random generator!”, and “You’ve been selected to take part in our quick and easy 9 questions survey. In return we will credit $90 to your account — Just for your time!” Ultimately, the e-mail includes a link to a Web site where the recipient is supposed to take the survey, but in fact leads to a phishing site.

“I’ve talked with a number of people who’ve done these surveys and not one has ever received their gift card,” Sonntag said. “All they got was even more spam e-mail.”

Jacksonville Wal-Mart’s Assistant Manager Luisa Villegas said the store only offers promotions at the store level, never through an e-mail.

“We’ve gotten calls here from people who have received these e-mails, asking what to do,” Villegas said. “If you do get an e-mail like this, it’s best just to ignore it.”

Villegas said customers can check an e-mailed promotional offer’s validity by calling 1-800-Wal-Mart.

BBB ADVICE: Do not respond to unsolicited e-mails that promise money for answering surveys. Spam e-mails that offer big rewards with little effort will almost invariably cost you in the end.



E-cards

E-cards are an extremely popular-and inexpensive-way to deliver season’s greetings to loved ones. Typically, with legitimate e-cards, the recipient receives an e-mail with a hyperlink that will take the user to the e-card which is housed on a Web site. Unfortunately, by design, e-cards are an extremely easy way for hackers to disguise their phishing e-mails and direct users to their Web sites which install viruses and malware.

Consumers should think twice before clicking on a link in an e-card e-mail as the hackers will often use logos from recognized brands and companies in order to appear legitimate.

BBB ADVICE: Phishing e-mails posing as e-cards can be difficult to spot. Spelling and grammatical mistakes are a huge red flag. Also, don’t follow the link in an e-card if you don’t recognize the name of the sender.

Consumers who receive suspicious e-mails should report them to the Internet Crime Complaint Center at www.ic3.gov.

Sonntag also reminds Internet consumers to make sure any site they’re doing business with is a secure one.

“It needs to have the lock icon in the corner or an https address,” she said. “Also remember to never give out information over the phone unless you know for sure who you’re talking to — meaning you called them, not the other way around. Get phone numbers, look them up to make sure they match, do some research and keep yourself safe.”

Sonntag said anyone who received a questionable e-mail or phone call may contact the Jacksonville Police Department for updated information on its legitimacy or on how to report scams.