FBI warns of holiday online flash sales operated by ID thieves


The feds are out with their annual tips on avoiding Black Friday, Cyber Monday and other holiday-related online scams. This year, flash sales, social media come-ons and mobile shopping apps increasingly are targeting gift-givers, according to the FBI, Homeland Security Department and security researchers. And the schemes net personal information, not just cash. For instance:

  • Through online marketplaces and auction websites, con artists sell defunct gift cards and promise hot items at rock-bottom prices -- after you hand over payment information, reports the FBI’s Internet Crime Complaint Center. The debit cards are inactive by the time the present is opened. And the “discounters” are more interested in profiting from the personal information that is transmitted than the direct sale.
  • “Never provide credit card numbers, bank account information, personally identifiable information or wire money to a person who advertises items on these sites at a too good to be true price,” bureau officials advise.
  • Fraudulent sites conducting flash sales that claim limited time -- one-day or one-hour -- bargains on trendy products multiply during the holidays, the FBI reports. The fake e-tailers quickly repurpose the credit card information for their own financial gain and never fulfill the order.
  • On social networks, the same tricks are attempted. A purported merchant offers amazing deals to lure members into sharing information that the merchant then uses to hack their social media accounts. The peddler tries to “log in to other accounts you may have tied to this account, or to post illegitimate offers on your behalf,” bureau officials warn.
  • At any shopping forum, users should check the seller’s ratings and comments to ensure credibility, officials recommend.

A post by antivirus software-maker Symantec, peppered with product pitches of its own, notes that mobile shopping apps are a rising threat:

  • These apps sometimes collect sensitive information to help consumers compare prices, check if items are in stock at other stores and even conduct the financial transaction. Individuals run the risk of exposing banking and other confidential data when it is stored externally.
  • “Avoid apps that display unwanted ads or otherwise interrupt your shopping experience,” suggests Symantec Internet Safety Advocate Marian Merritt. “We call this aggressive advertising in mobile apps ‘madware.’ ”
  • Shopping information stored inside a mobile device also can be compromised. Merritt recommends using complex passwords to protect data “from cybercriminals or even a snooping kid who is curious about what you’ve bought them this year.”
  • After losing out in a flash sale or online auction, a red flag that you have been conned is a follow-up message from the vendor. “If someone tries to contact you after you fail to win an auction saying they have another of the same item or the original buyer backed out, don’t fall for it,” Merritt says.

The U.S. Computer Emergency Readiness Team has republished a 2011 advisory on seasonal computer infections. The alert focuses on scams instigated by email, such as virus-laden season’s greetings e-cards and requests for end-of-year donations from shady charities: 

  • The specialists at U.S. CERT, a Homeland Security unit, say do not follow links in emails that you did not ask for.
  • Check the integrity of the philanthropic organization on the Better Business Bureau's National Charity Report Index, officials recommend. (Editor’s note: GuideStar also is a good resource for researching the financial status and relative efficiency of foundations. However, registration is required for accessing certain data.)
