‘Top 10 Most Dangerous Holiday Gifts’ for Cyber Monday 2012

Cyber Monday, the unofficial beginning of the holiday shopping season online, will occur this November 26, 2012, bringing with it throngs of shoppers on the hunt for the best deals and hottest products. As retailers try and get ahead by offering the same specials in store as online, the National Retail Federation is seeing a shift in shoppers skipping the 3am wake up call and long lines in favor of the Internet.

However, this convenience serves only as further motivation for cybercriminals targeting unassuming shoppers as they use search engines to find gifts for their loved ones. Google search results for products often include links to ‘poisoned’ sites, or malicious websites that can infect an unsecured computer or smartphone with viruses, worms and other malware, putting one’s personal and financial information at risk.

The more popular an item is, the more likely it will attract a dangerous search result, which could lead to malware or an unreliable merchant. Here are the products we anticipate will be targeted by cybercriminals this holiday season:

  1. Nintendo Wii U – Available as of this past weekend, the Wii U is expected to be a big seller like the original Wii, which was sold out for nearly an entire year after its launch
  2. Kindle Fire HD – Tablets are all the rage right now, and a $199 sets this 7” to sell big, with some predicting that the Kindle Fire HD will outsell the iPad mini by two to one
  3. iPad mini– This budget-friendly Apple tablet is flying off the shelves, with it taking just minutes for the white iPad Mini to sell out at its initial launch
  4. Hot video game titles – New titles like Halo 4 and COD Black Ops 2 are shattering sales records. In fact, Halo 4 raked in $220 million in its first day on the shelves
  5. Pre-sale tickets for The Hobbit – Scheduled to come out December 18, pre-sale tickets for this great stocking stuffer are already going fast
  6. Windows 8 Certification–With the launch of Microsoft’s Windows 8 software has come a flurry of interest in computer monitors and PCs that boast certification rights
  7. iPhone 5 / Samsung Galaxy 3– It is predicted that this December quarter, Apple will sell 46 million iPhones, and with retailers already advertising Black Friday deals of nearly 75 percent off on the Samsung Galaxy 3, both smartphones will be in demand
  8. Touchscreen gloves – We expect the overall demand for touch devices to drive the sale of related accessories
  9. Furby – Remember this furry little creature that created utter chaos back in the 90’s – well he’s all any kid can talk about for this holiday season
  10. Breaking Dawn DVD– With Breaking Dawn 2 experiencing a $30.4 million opening, the first Breaking Dawn DVD and other Twilight movies will be popular stocking stuffers

Here are three tips from F-Secure to ensure you stay safe while shopping online this Cyber Monday, and throughout the 2012 holiday season:

  • Visit retailers’ websites directly if possible (e.g., www.amazon.com vs. searching ‘Amazon’ on Google)
  • Use Internet security software that features browsing protection (or check links with F-Secure’s free Browsing Protection)
  • Always check a site’s URL before making any purchase (look to make sure you’re at the correct online store and that the page URL begins with https://, which means it’s secure)

For more advice on staying safe online, including our tips for protecting credit card information while online shopping.

F-Secure’s list of the ‘most dangerous gifts’ was compiled based on market analyst data and gift list inclusions. An analysis of Google Trends has shown items on this list are positioned to spike in search volume during this holiday season.

Cheers,

Sandra

More posts from this topic

bash

Shellshock only concerns server admins – WRONG

Yet another high-profile vulnerability in the headlines, Shellshock. This one could be a big issue. The crap could really hit the fan big time if someone creates a worm that infects servers, and that is possible. But the situation seems to be brighter for us ordinary users. The affected component is the Unix/Linux command shell Bash, which is only used by nerdy admins. It is present in Macs as well, but they seem to be unaffected. Linux-based Android does not use Bash and Windows is a totally different world. So we ordinary users can relax and forget about this one. We are not affected. Right? WRONG! Where is your cloud content stored? What kind of software is used to protect your login and password, credit card number, your mail correspondence, your social media updates and all other personal info you store in web-based systems? Exactly. A significant part of that may be on systems that are vulnerable to Shellshock, and that makes you vulnerable. The best protection against vulnerabilities on your own devices is to make sure the automatic update services are enabled and working. That is like outsourcing the worries to professionals, they will create and distribute fixes when vulnerabilities are found. But what about the servers? You have no way to affect how they are managed, and you don’t even know if the services you use are affected. Is there anything you can do? Yes, but only indirectly. This issue is an excellent reminder of some very basic security principles. We have repeated them over and over, but they deserve to be repeated once again now. You can’t control how your web service providers manage their servers, but you can choose which providers you trust. Prefer services that are managed professionally. Remember that you always can, and should, demand more from services you pay for. Never reuse your password on different services. This will not prevent intrusions, but it will limit the damage when someone breaks into the system. You may still be hurt by a Shellshock-based intrusion even if you do this, but the risk should be small and the damage limited. Anyway, you know you have done your part, and its bad luck if an incident hurts you despite that. Safe surfing, Micke   PS. The best way to evaluate a service provider’s security practices is to see how they deal with security incidents. It tells a lot about their attitude, which is crucial in all security work. An incident is bad, but a swift, accurate and open response is very good.   Addition on September 30th. Contrary to what's stated above, Mac computers seem to be affected and Apple has released a patch. It's of course important to keep your device patched, but this does not really affect the main point of this article. Your cloud content is valuable and part of that may be on vulnerable servers.  

Sep 26, 2014
BY Micke
Unbenannt-2

Why your Apple Watch will probably never be infected by malware

On Tuesday Apple announced its latest iPhone models and a new piece of wearable technology some have been anxiously waiting for -- Apple Watch. TechRadar describes the latest innovation from Cupertino as "An iOS 8-friendly watch that plays nice with your iPhone." And if it works like your iPhone, you can expect that it will free of all mobile malware threats, unless you decide to "jailbreak" it. The latest F-Secure Labs Threat Report clears up one big misconception about iOS malware: It does exist, barely. In the first half of 2014, 295 new families and variants or mobile malware were discovered – 294 on Android and one on iOS.  iPhone users can face phishing scams and Wi-Fi hijacking, which is why we created our Freedome VPN, but the threat of getting a bad app on your iOS device is almost non-existent. "Unlike Android, malware on iOS have so far only been effective against jailbroken devices, making the jailbreak tools created by various hacker outfits (and which usually work by exploiting undocumented bugs in the platform) of interest to security researchers," the report explains. The iOS threat that was found earlier this year, Unflod Baby Panda, was designed to listen to outgoing SSL connections in order to steal the device’s Apple ID and password details. Apple ID and passwords have been in the news recently as they may have played a role in a series of hacks of celebrity iCloud accounts that led to the posting of dozens of private photos. Our Mikko Hypponen explained in our latest Threat Report Webinar that many users have been using these accounts for years, mostly to purchase items in the iTunes store, without realizing how much data they were actually protecting. But Unflod Baby Panda is very unlikely to have played any role in the celebrity hacks, as "jailbreaking" a device is still very rare. Few users know about the hack that gives up the protection of the "closed garden" approach of the iOS app store, which has been incredibly successful in keeping malware off the platform, especially compared to the more open Android landscape. The official Play store has seen some infiltration by bad apps, adware and spamware -- as has the iOS app store to a far lesser degree -- but the majority of Android threats come from third-party marketplaces, which is why F-Secure Labs recommends you avoid them. The vast majority of iPhone owners have never had to worry about malware -- and if the Apple Watch employs the some tight restrictions on apps, the device will likely be free of security concerns. However, having a watch with the power of a smartphone attached to your body nearly twenty-four hours a day promises to introduce privacy questions few have ever considered.    

Sep 9, 2014
BY Jason