NEW YORK (MainStreet) —As millions of consumers try to find the best deal on Cyber Monday, hackers are ready to take advantage of the season.
Shoppers who are looking for the best bargain need to be prepared so they don’t wind up being hacked since cyber criminals are preparing to infect millions of computers with malware and viruses. On the three days surrounding Cyber Monday 2013, infections spiked a whopping 40% over the average for that time of year, said Patrick Morganelli, senior vice president of technology for Enigma Software, a Clearwater, Florida anti-spyware program manufacturer.
“The holiday shopping season is one of the busiest times of year for the cyber crooks who spread malware,” he said. “They know lots of people will be online and lots of people will be looking for deals."
WATCH: More personal finance videos on TheStreet TV | More videos from Lauren Lyons Cole
A recent Gallup poll found that 62% of Americans worry about computer and smartphone hacking and 27% say that during the last year they or a member of their household had credit card information stolen from a card used at a store.
Cyber crooks use the season to target computers for malware infections, so start by avoiding spam emails and links promising great deals that seem too good to be true. Malware makers will send bogus emails making all kinds of promises which really contain links that can install malware if they are clicked on, Morganelli said.
Social media is also a prime target and hackers will post bad links in Facebook and Twitter accounts to hijack them. Never click on such links, even if they look official. It may be extremely tempting, but this includes Twitter’s direct messages and messages sent to you via Facebook. The messages may look like they are from your friends, but there is a good chance their account has been compromised.
Creating fake emails that look like they are from real online retailers is quite common, but spotting these cons may not be so easy. The criminals often know you have bought something online from Amazon or Toys "R" Us, so they will send fake emails that tell you there was a problem with your recent order, hoping you'll click on a link that will install malware, Morganelli said.
Some cyber crooks kick it up a notch and have now poisoned search engines with their results. Sophisticated cyber crooks can create fake web pages promising to sell hot holiday items at very low prices, Morganelli said. Now their handiwork even shows up in Google searches for some products.
"These crooks know that people are looking for good deals and are most likely in a hurry when checking emails and doing Google searches," he said. "The infections they are creating are more diabolical than ever. If someone clicks over to the bogus page, an infection is just a few seconds away."
In the past, malware infections were nuisances that slowed down your computer and were less harmful. The infections today are lethal and can steal personal information, access your contacts and obtain financial records.
Be wary of unfamiliar web sites that ask you to install software before continuing with your shopping. There is no need to add more software to complete a purchase and most of the time that software has malware embedded in it.
Those pesky pop-up ads have not been eliminated, so avoid them at all costs, said Gary McAlum, chief security officer for USAA, the San Antonio-based financial services company. You may be more inclined to click on pop-up ads offering free shipping or extreme holiday discounts.
“These pop-ups or even banner ads are especially dangerous and could trigger your computer to download a nasty virus or spyware,” he said.
While mobile shopping is gaining ground, avoid making purchases through unsecured Wi-Fi hotspots. You can tell if you are using an unsecured network when you can connect without having to use a password. Unsecured hotspots mean you are sharing your personal or financial information. Instead, use the direct web access on your phone via a 3G/4G connection, McAlum said.
Consumers must ensure they have proper security for all their personal devices, said Charles Tendell, CEO of Azorian Cyber Security in Denver.
“It's still difficult to make certain you won't be hacked, but take extra precautions such as using cash in stores and prepaid or alternate credit cards with low limits designated just for shopping,” he said. “This way if the card is stolen or captured on a hack, it won't affect your primary cards or funds.”
PayPal is a convenient option for shopping because personal information is never shared with merchants, said Anuj Nayar, senior director of global initiatives for PayPal, the Palo Alto, Calif. payments provider.
“We have industry-leading anti-fraud technology that gets smarter with every transaction that comes through our system,” he said. “With the technology that we have in place, often times we can catch unusual activity while it is happening and even sometimes before it reaches our consumers.”
Since many people shop by using their mobile phone, it is recommended that you enable “timeouts” on your mobile phone in the event that your phone is lost or stolen, said Richard Avery, president of northeast region of Securitas Security Services USA.
“This would entail enabling a lock screen password that you would use to 'unlock' your phone after it had automatically timed-out after a set, but brief, duration of time when the device is on, but isn’t in active use,” he said.
A new wave of cyber criminals are called Distributed Denial of Service (DDoS) attack experts, said Bill Barry, executive vice president at Nexusguard, a San Francisco-based security software company. Their goal is to deny consumers access and service to the sites they visit.
“Unlike political hacktivist groups such as Anonymous who also use DDoS as a primary weapon to disrupt websites, digital assassins are hired guns who solicit their talents to anyone who will pay, ranging from a disgruntled employee all the way to terror groups,” Barry said. “For a little as $2.00 an hour, they can flood a site with traffic and guarantee the site is disrupted or brought down completely.”
As mobile payment becomes more mainstream, consumers should expect to see more attacks disrupting service or stealing personal information, Barry said. If you learn that a large online retailer has been compromised, be extremely cautious if you still plan shopping there.
“The real challenge is outsmarting the people or groups behind the attacks since these people have the financial resources to execute the attacks,” he said. “This is what they do all day every day. The attackers and hackers attack in bursts and from multiple angles, so do not assume the problem has been quickly fixed.”
--Written by Ellen Chang for MainStreet