You may be in for more than you bargained for if you plan on looking for the latest Black Friday or Cyber Monday deals online.  Cyber criminals are quick to capitalize on new opportunities and have already done so by optimizing their Blackhat SEO campaigns to infect those looking for those hot ticket item deals.

The following image is a malicious search result aimed at innocent users looking for Black Friday deals at a popular U.S. based retail chain:

Best Buy/Black Friday Malicious Search Result
Best Buy/Black Friday Malicious Search Result

Clicking on the link in the Firefox browser will redirect you to a fake Firefox “update” website, which will then infect your computer with fake antivirus software:

Fake Firefox Update Website
Fake Firefox Update Website

Clicking the link in Internet Explorer (or any other browser) will lead you directly to the fake antivirus scan page:

Rogueware "Fake Antivirus" Page
Rogueware “Fake Antivirus” Page

We want you to find the best deals this holiday season, but not at the expense of your computer becoming infected by malware.  Here are 5 tips that you can follow for a safe holiday shopping season:

  • Always run up-to-date antimalware protection.  You can download our award-winning Panda Cloud Antivirus software for FREE at http://www.cloudantivirus.com
  • Avoid using search engines for locating special holiday deals.  This blog post is a demonstration of how quickly that can go wrong.  Instead, go directly to reputable sites that you are familiar with (E.g. bestbuy.com, walmart.com, frys.com, etc).
  • Cyber criminals are particularly skilled at automating the exploitation of critical vulnerabilities in operating systems and commonly used applications. You can quickly find yourself silently redirected to a website with a carefully crafted malicious payload, which could leave your computer infected with a data stealing Trojan, all without your knowledge.  Avoid this by installing all available Operating System and software updates/security patches from the official websites or updater applications.  In addition, we strongly advise updating Adobe Flash, Adobe Reader, and Java Sun software, as they are commonly targeted by cyber criminals.
  • Don’t underestimate criminals.  They will create fake advertisements, shopping carts, and poison various search terms.  If you are not sure about a particular site, a quick look in your favorite search engine should indicate whether or not you should purchase from that site.  If you can’t find anything about that retailer, then the chances are you should probably not shop there.
  • You should only purchase from sites that take advantage of secure browsing (SSL/https), but don’t think that you’re in the clear just because you see that neat little padlock in the right hand corner of your browser.  SSL only works to create a secure Internet tunnel between you and the e-commerce server.  You can still transmit sensitive data over to cyber criminals, so it’s best to run frequent antimalware scans!  Don’t believe me? Check out this Banking Trojan example: