recommended reading

FBI warns of holiday online flash sales operated by ID thieves


The feds are out with their annual tips on avoiding Black Friday, Cyber Monday and other holiday-related online scams. This year, flash sales, social media come-ons and mobile shopping apps increasingly are targeting gift-givers, according to the FBI, Homeland Security Department and security researchers. And the schemes net personal information, not just cash. For instance:

  • Through online marketplaces and auction websites, con artists sell defunct gift cards and promise hot items at rock-bottom prices -- after you handover payment information, reports the FBI’s Internet Crime Complaint Center. The debit cards are inactive by the time the present is opened. And the “discounters” are more interested in profiting from the personal information that is transmitted than the direct sale.
  • “Never provide credit card numbers, bank account information, personally identifiable information or wire money to a person who advertises items on these sites at a too good to be true price,” bureau officials advise.
  • Fraudulent sites conducting flash sales that claim limited time -- one-day or one-hour -- bargains on trendy products multiply during the holidays, the FBI reports. The fake e-tailers quickly repurpose the credit card information for their own financial gain and never fulfill the order.
  • On social networks, the same tricks are attempted. A purported merchant offers amazing deals to lure members into sharing information that the merchant then uses to hack their social media accounts. The peddler tries to “log in to other accounts you may have tied to this account, or to post illegitimate offers on your behalf,” bureau officials warn.
  • At any shopping forum, users should check the seller’s ratings and comments to ensure credibility, officials recommend.

A post by antivirus software-maker Symantec, peppered with product pitches of its own, notes that mobile shopping apps are a rising threat:

  • These apps sometimes collect sensitive information to help consumers compare prices, check if items are in stock at other stores and even conduct the financial transaction. Individuals run the risk of exposing banking and other confidential data when it is stored externally.
  • “Avoid apps that display unwanted ads or otherwise interrupt your shopping experience,” suggests Symantec Internet Safety Advocate Marian Merritt. “We call this aggressive advertising in mobile apps ‘madware.’ ”
  • Shopping information stored inside a mobile device also can be compromised. Merritt recommends using complex passwords to protect data “from cybercriminals or even a snooping kid who is curious about what you’ve bought them this year.”
  • After losing out in a flash sale or online auction, a red flag that you have been conned is a follow-up message from the vendor. “If someone tries to contact you after you fail to win an auction saying they have another of the same item or the original buyer backed out, don’t fall for it,” Merritt says.

The U.S. Computer Emergency Readiness Team has republished a 2011 advisory on seasonal computer infections. The alert focuses on scams instigated by email, such as virus-laden season’s greetings e-cards and requests for end-of-year donations from shady charities: 

  • The specialists at U.S. CERT, a Homeland Security unit, say do not follow links in emails that you did not ask for.
  • Check the integrity of the philanthropic organization on the Better Business Bureau's National Charity Report Index, officials recommend. (Editor’s note: GuideStar also is a good resource for researching the financial status and relative efficiency of foundations. However, registration is required for accessing certain data.)

Threatwatch Alert

Cyber espionage / Spear-phishing

Russia-Linked Hacker Unit Targets French Presidential Election

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.