
Can Festive Fraudsters Make Money on the Internet Before Christmas?

December 20, 2012 by Adrian Stolarski

Pre-Christmas fever has slowly embraced us all. Everyone is happy to give donations to charitable organizations or throw a few dollars to help some children. But there are some people who spoil the atmosphere of Christmas: the festive fraudsters. They promote fake fundraisers and seek donations for their own pockets. Of course, very often their victims go to the police; the fraudsters are quickly caught and forgotten about. But when it happens on the Internet, the matter is much more complicated. What kind of fraud should you beware of, before you sit down with your family to eat a delicious Christmas dinner?

I see this phenomenon almost every year. And I notice that it does not decrease, but rather increases every Christmas season. Certainly during the Christmas rush all kinds of spammers and scammers try to lead us to fake online stores. I will try in this article to show you how not to be fooled.

During all holiday seasons the amount of spam sent increases, and it is growing exponentially. Almost 70% of Christmas shopping will be done on the Internet, and therefore scammers move their business there. At a time when so many people do a lot of shopping on the web, we are exposed to more Internet attacks than at any other time. Most of them use social engineering. The social engineering aspect is covered in the following articles I wrote:

All of us want our Christmas shopping to proceed without a hitch, and we also want all the gifts to arrive on time. So I think it is worth exploring methods that cyber criminals use in their attempts to deceive us.

Always check the shop

Toward the end of December, it gets dangerous on some websites that turn over really big money. A good auction portal provides an easy way to access many features. A fraudster creates a new account and an online store and adds it to a list of a dozen sites involved in comparing prices. It is really easy and very cost-effective. A seller who has a shop of this type just might get away with stealing some money from its customers. Then the seller gets a new account and opens a new store, probably before Easter, and will be selling bunnies.

We must always remember to choose only stores that we trust. We should never take a chance before Christmas because we don’t want to have an incident that completely spoils our festive mood. Remember one thing: If something for sale on an auction site seems like an incredible opportunity, a red light should appear in your head. If a bargain is incredible, it is always a warning sign. There are real bargains, of course, but they are much more likely after the holidays. Also remember this one thing. We have to order much earlier than usual to make sure our dream gift does not get stuck in the post office. (Or in Santa Claus’s sleigh?)

Watch out for viruses

We probably all know that we have to watch out for viruses. But who would not click on a Merry Christmas wish? Or on a reindeer, who has just stumbled and cannot get up from the snow? But maybe when you click on it, you get a very bad virus. Flash animations can be very dangerous for us, as can any type of codec needed to open up controls on a page. Flash is really a development of JavaScript. All that can be done with JavaScript can also be done by using Flash and vice versa. A Christmas game written in Java will allow everything enabled by Java in terms of data collection, including even reading the ID number of your hard drive. Anything you want can be attached to a codec, even if it’s innocent and it sounds nice. So codecs can be used by festive fraudsters to mess wherever they want. In fact, many files, especially if they are sent by strangers, will include a nice Christmas present. It’s not necessary to say what the present might contain. These “gifts” also get attached to messages and e-mail links sent via instant messaging.

We also look for the next serious threat, as we do every year. This may be through social networking attacks. We all need to remember one thing. Before you add a new person to your circle, or open any attachment on Twitter, look two or even three times to make sure it really is from one of your friends. In this case, the risks are really the same as in the case of instant messaging and email. For several months, we have heard about viruses that send messages to or from your Facebook account, and Christmas will be really a great opportunity to demonstrate the capabilities of new viruses.

Social engineering in the service of scammers

Here I will describe an attack scenario that is quite likely to happen, although it does not have to. Ready? So here we go.

First, John gets up at 7 am, and at 9 he is at work. At 9:15 he reads his email. He receives a very bad message. Well, eBay has sent him a message that his account has been locked, and the gifts that he ordered will not be shipped. The message says there is only one way to remove the lock: John has to click on a link in the message and re-authorize the website to which the link leads.

Second, John panics and clicks on the link. He disregards the warning from Google that the page is likely to contain malware. He enters the service and computer malware is installed on his company machine without his knowledge. It is a backdoor codenamed Win32/FynloskiAA, one of the most cunning viruses of this type. This backdoor allows an attacker to completely take control of each infected machine.

Third, the offender can now spy on the victim without needing permission. This backdoor allows the invader to capture an image from the webcam installed in the laptop. In addition, the infected machine becomes a zombie computer that performs cybercriminal activities, such as participation in a DDoS attack. Such an attack involves hundreds of thousands of requests to the servers of companies and institutions, which leads to their temporary blockage.

What should stick in your mind? Note that neither banks nor auction companies will ever send their users links that lead to sites asking them to re-confirm their data. Nor would they run any programs on our system. We must emphasize one thing: If you receive a message that breaks this rule, the warning light should immediately go on in your head.

Magic SMS

For many years, premium SMS has been fashionable because of the portals that offer movies and dating sites. But premium SMS is also used to extort money. Surely all of us have seen some of these messages: “Send us an SMS with the number xxxx yyyy.” The SMS was going to cost a dollar, and it actually cost $50. This is an example of the fraud we are dealing with. Before Christmas it changes dramatically. Money is extorted through premium SMS with a much higher cost. Certainly our mobile phones will be filled with messages like, “Your friend really wants to wish you a merry Christmas. To see who this mysterious person is, send an SMS to the number xxxx.” If you see this kind of text, be sure to ignore it. Do you know what it looks like on the inside? I do not know, and you do not want to see.

You are offered a database of telecommunications companies for 100 USD. Why would you need a full telecom user base to find your family and friends? This is a thoroughly transparent fraud. If you respond to this text message that costs 100 USD, you will wish that you could make the same company that sends this type of SMS thank you for your expenditure.

Risks to Children

This subject is also very complicated. The problem has always existed. Sometimes party games advertised to your child actually contained links to sites with ladies who have large breasts and are naked. Or to gambling sites. Now, for a change, there will be a lot of Christmas animations and gaming advertisements that will refer the user to sites with pornography or to online casinos. Do not be surprised if you get a lot of pornographic images based on the topic of Christmas and Santa Claus himself. At a time when our children will be surfing the web during the holidays, make sure that they have increased parental control. In addition, be careful to make sure that your child, while surfing, is not running up a huge bill on your credit card.

Another form of attack that threatens our children is through chat services. A dangerous offender might pretend to be Santa Claus. He may try to make an appointment with your child, so you must increase your caution. Any incident of this type should immediately be reported to the police, because there may be a dangerous criminal behind it.

The administrator also has a family and sometimes he should be free

Yes, it’s true. Every webmaster or administrator also celebrates the holidays and would like to have these two days off in a year. On 25 and 26 December, it will certainly be difficult to report any information about failures and attacks. Administrators also want to eat Christmas dinner and sing Christmas carols. So at this time we can be deprived of their protection. Anything can happen on these days, but do not panic. Let people rest. Let us send them Christmas wishes.

The threat of cyber fraud

Fraudsters will certainly keep trying. They will not take Christmas off. Administrators are people too and they also want to relax, although they will know that the network will not be sufficiently protected. If you are an administrator for a large company or a government agency, put some of your staff on high alert. The best solution is this: When an incident occurs, the system administrator should report it as a text message or as a signal to the pager. Then the administrator can celebrate quietly and will not have to be afraid that it will cause regret.


We consider a number of things in this article. Shop only at trusted stores and trusted vendors. Watch out for links in emails and on websites. Do not be fooled by greeting messages. And most important: Protect your children. Dedicate as much time to them as to your own security concerns.

Or maybe the holidays are a time when we should turn off the cable TV, turn off the computer and mobile phone, and devote ourselves to the family? Maybe it’s time that we spend with those who are close to us? Can you let yourself relax, along with the administrators who oversee our safety net all year? I greet all clients and readers of Infosec. I greet Rob Rodriguez and Jack Koziol. Greetings to all the researchers at Infosec. I also greet friends from Future Processing Firms, especially Walus, Adrian Rojek, Łukasz Januszek, and Bart. Regards to Terrarium and all of his family. I wish you all a peaceful and enjoyable Christmas.


Adrian Stolarski is a freelance security tech blogger, specializing in Java, PHP, and JQuery. In his own words, he does the hard work of training the unemployed. Currently, he handles Evaluation Visualization for real-time systems with XWT and Eclipse RAP. If he sees that something works, he asks how it works and why it works, then sets out to make it work better. A researcher for InfoSec Institute, he currently lives in Poland, but plans to move to London.