SAN DIEGO, Dec. 13, 2011 /PRNewswire/ -- Holiday shoppers are flocking online to get the latest deals and beat the in-store crowds. Unfortunately, the bad guys have set up shop to infect your computer and steal your personal information if you accidentally mistype the website name.
That's the warning from content security leader Websense, after its security researchers recently found more than 2,000 typosquatted online domains set up to ensnare the unaware. These domains mimic the legitimate addresses of big retailers like Wal-Mart, Apple, and Best Buy with URLs like WallMatt (dot) com, Appple (dot) com, and Bestbuyh (dot) com.
Record online sales have already been reported since "Cyber Monday," and online shopping continues to be brisk. So beware of the clever crooks: you may get to a page that looks just like your favorite retailer, but the site may then lead you to a phishing or other potentially harmful site that injects malware or infects your system with spyware. Some sites are convincing enough to lead people to enter their credit card information.
Many of the illicit sites also take advantage of top level domains by having the brand names spelled correctly, but incorrectly lead to ".org" or ".net" domains that the criminals own. These websites are often used in fake emails and phishing sites that try to lure a consumer to claim online vouchers or coupons for retailers. The user is then asked to select another offer shown in a pop-up window. These pop-ups often host fake competitions offering high-value, desirable prizes like the latest iPhone. Users completing online forms inadvertently provide cybercriminals access to their personal information, leading to identity theft, phishing scams, and malware.
"Online holiday shopping is as engrained in the criminal culture as it is in the popular culture. Criminals are very adept at creating scams that look legitimate to the eyes of the shopper, but are instead meant to deliver malware and information-stealing code, rather than the items on your holiday list. As if this isn't bad enough, the problem multiplies if the person shopping is an employee at work on their lunch break, potentially opening their business network up to expensive and embarrassing data theft."
"Careful typing helps, but will never be enough, so it's highly recommended that companies install real-time email and web security, along with solutions that prevent data theft and loss of confidential information—protection that traditional antivirus and firewall products don't provide."
-- Patrik Runald, Websense Security Labs
Screen shots of scams can be found here.
Read the 2012 Websense Security Labs predictions here: www.websense.com/assets/reports/2012-Predictions-WS-Security-Labs.pdf
To learn more about how Websense protects customers from tomorrow's threats, please read about the revolutionary Websense® TRITON™ solution, which offers complementary web security, email security, and data loss prevention.
Facebook: "Like" Websense.
Twitter: Follow @Websense.
About Websense, Inc.
Websense, Inc. (NASDAQ: WBSN), a global leader in unified web security, email security, and data loss prevention (DLP) solutions, delivers the best content security for modern threats at the lowest total cost of ownership to tens of thousands of enterprise, mid-market and small organizations around the world. Distributed through a global network of channel partners and delivered as appliance-based software or Security-as-a-Service (SaaS), Websense content security solutions help organizations leverage web 2.0 and cloud-based communication, collaboration, and social media, while protecting from advanced persistent threats and modern malware, preventing the loss of confidential information, and enforcing internet use and security policies. Websense is headquartered in San Diego, California with offices around the world. For more information, visit www.websense.com.
Follow Websense on Twitter: www.twitter.com/websense
Join the discussion on Facebook: www.facebook.com/websense
Websense media contact:
SOURCE Websense, Inc.