FBI warns of holiday online flash sales operated by ID thieves


The feds are out with their annual tips on avoiding Black Friday, Cyber Monday and other holiday-related online scams. This year, flash sales, social media come-ons and mobile shopping apps increasingly are targeting gift-givers, according to the FBI, Homeland Security Department and security researchers. And the schemes net personal information, not just cash. For instance:

  • Through online marketplaces and auction websites, con artists sell defunct gift cards and promise hot items at rock-bottom prices -- after you hand over payment information, reports the FBI’s Internet Crime Complaint Center. The debit cards are inactive by the time the present is opened. And the “discounters” are more interested in profiting from the personal information that is transmitted than the direct sale.
  • “Never provide credit card numbers, bank account information, personally identifiable information or wire money to a person who advertises items on these sites at a too good to be true price,” bureau officials advise.
  • Fraudulent sites conducting flash sales that claim limited-time -- one-day or one-hour -- bargains on trendy products multiply during the holidays, the FBI reports. The fake e-tailers quickly repurpose the credit card information for their own financial gain and never fulfill the order.
  • On social networks, the same tricks are attempted. A purported merchant offers amazing deals to lure members into sharing information that the merchant then uses to hack their social media accounts. The peddler tries to “log in to other accounts you may have tied to this account, or to post illegitimate offers on your behalf,” bureau officials warn.
  • At any shopping forum, users should check the seller’s ratings and comments to ensure credibility, officials recommend.

A post by antivirus software-maker Symantec, peppered with product pitches of its own, notes that mobile shopping apps are a rising threat:

  • These apps sometimes collect sensitive information to help consumers compare prices, check if items are in stock at other stores and even conduct the financial transaction. Individuals run the risk of exposing banking and other confidential data when it is stored externally.
  • “Avoid apps that display unwanted ads or otherwise interrupt your shopping experience,” suggests Symantec Internet Safety Advocate Marian Merritt. “We call this aggressive advertising in mobile apps ‘madware.’ ”
  • Shopping information stored inside a mobile device also can be compromised. Merritt recommends using complex passwords to protect data “from cybercriminals or even a snooping kid who is curious about what you’ve bought them this year.”
  • After losing out in a flash sale or online auction, a red flag that you have been conned is a follow-up message from the vendor. “If someone tries to contact you after you fail to win an auction saying they have another of the same item or the original buyer backed out, don’t fall for it,” Merritt says.

The U.S. Computer Emergency Readiness Team has republished a 2011 advisory on seasonal computer infections. The alert focuses on scams instigated by email, such as virus-laden season’s greetings e-cards and requests for end-of-year donations from shady charities: 

  • The specialists at U.S. CERT, a Homeland Security unit, advise against following links in emails that you did not ask for.
  • Check the integrity of the philanthropic organization on the Better Business Bureau's National Charity Report Index, officials recommend. (Editor’s note: GuideStar also is a good resource for researching the financial status and relative efficiency of foundations. However, registration is required for accessing certain data.)
