Watch Your Inbox: Phishing Attacks Spike Because of Online Holiday Shopping

’Tis the season to be … hacked?

Photo by Lara via Flickr

Ordering gifts online for family and friends this holiday season? Inbox inundated with confirmation emails? You could be the perfect target for holiday hackers.

Brian Krebs at Krebs on Security is warning consumers to be on high alert this month for malicious links and attachments in emails purporting to “confirm” online orders. “Malware purveyors and spammers are blasting these missives by the millions each day in a bid to trick people into giving up control over their computers and identities,” Krebs writes. His post shows a series of somewhat convincing malware emails that appear to come from Home Depot, Walmart, Target, and Costco.

Holiday hacking is a perennial problem for both customers and retailers. As transaction volume rises, retailers will often lower their fraud controls so that the sales can continue apace. This creates a window for hackers to strike and get away undetected. Krebs notes that the particular breed of “order confirmation” spam emails tends to start around Thanksgiving and run through the end of the winter holidays. The phishing attacks use “both booby-trapped links and attached files” to put malware on computers that can then pull passwords and other important information from the machines.

Huge security breaches have already hit JPMorgan Chase and Home Depot this year. Last winter, Target suffered an attack that compromised the credit and debit cards of 40 million people and the personal information of 70 million. From January through the end of November, a record 696 data breaches were reported and nearly 81.5 million records exposed, according to data from the Identity Theft Resource Center. The previous record for most breaches in a year was 662 breaches in 2010.

So go ahead and shop online for the holidays. But when the order confirmations start to pile up, be very, very careful about what you end up clicking.