Shopping online is fun, safe and a great way to save money. But it carries the same risks as any online activity that requires you to enter sensitive information like bank or card details. The best way to protect yourself against someone else getting hold of your information is to be aware of the threats that are out there.
According to the latest government statistics, cybercrime costs consumers £7bn a year. Most of that is taken in spear phishing attacks.
Spear phishing - or phishing - is when a site or email looks like it belongs to a company you know and trust, but is actually created by criminals with the sole intent of capturing your confidential information.
A phishing site might look like your banking login page, online gaming account service or similar, and have a form for you to fill in with your personal details, including password and card numbers. Once you've entered your details, they're saved to the criminals' database, ready for them to use later.
A security suite like Norton Internet Security will scan your email for messages which purport to be from legitimate sources, but aren't, and warn you if it thinks any sites you visit aren't what they seem.
The recent scam which ripped off Xbox Live users was a classic phishing attack. According to the Symantec Intelligence Report for November 2011, one in every 302 emails contains a phishing attack.
If a criminal can't trick you into handing over your details willingly, they'll try to steal them by installing software on your PC that harvests data like bank passwords. You wouldn't install it willingly, though, so these programs are spread in various ways.
The first is by hiding them in other files, which is why it's never a good idea to download files from a site you don't know and trust. Often, this ‘malware’ will be concealed in a program that promises to do something good - like speed up your PC, or give you commercial software for a massive discount or free. You might not even know you're installing a program - a website might contain a pop-up window asking you to agree to something innocuous, when in reality it is asking for permission to install malware on your computer.
Worse, there are many 'drive-by download' websites which can install malware on your PC when you simply visit them in an insecure browser. The best way to defend against these attacks is to be careful about which sites you visit and what you download, and to keep Windows and your browser software up to date with the latest security patches.
Software like Norton Internet Security Suite will provide a second line of defence, scanning your browser for infected downloads and suspicious behaviour. Nearly 10,000 new websites are added to Norton's database of dangerous download locations every single day.
Be wary of any software which looks like a well-known commercial application (like Microsoft Word or a well-known game) but appears to be low cost or free. There's up to a 90% chance that anything you download from a 'warez' site that distributes illegal copies of commercial software contains malware of some sort.
It's a sad but true fact that the vast majority of email - some 30bn messages a day or 70% of all messages - is unsolicited spam.
Spam mail isn't just about trying to get you to buy things you don't need or that are illegal - like medicines - either. It's a primary means of distributing malware. Spam mail might include an attachment, for example, that contains a keylogging program that will record any passwords you enter on your computer, or it might direct you to a phishing site.
Right now, a popular spam message claims to warn recipients of a disease outbreak, with the subject line "Epidemic in xxx", where "xxx" is a country or state. Clicking on the link in the mail will take you to a website that will attempt to download malware onto your PC.