Thursday, March 7, 2013
Do you get more than you bargain for when you download coupons?
Recently, there has been a rise in the use of coupons, coupon sites, coupon toolbars and coupon printers to deliver malicious software and viruses, according to Laura Heilman, security awareness training and education manager with Enterprise Information Technology Services (EITS) in the Office of Information Security at the University of Georgia.
Phishing scams that include coupons crop up all the time. Online scammers often send out emails that look exactly like legitimate money-saving deals.
Many of these emails include links that, when followed, are supposed to take you to a great deal on a webpage. Some claim to have coupons attached as a separate document. Others appear to be coupons that you must click to claim.
What do they have in common? Attempting to redeem any of them can lead to malicious software (malware) or viruses being downloaded to your computer and used to steal your identity, according to Heilman.
“One of the worst recent coupon-related phishing scams is a very convincing, but fake, Groupon that supposedly comes from a friend who wants to share a great deal with you,” she said.
These realistic-looking emails contain an attachment. You are prompted to open it if you want to claim your discount. Of course, the attachment contains a file laden with malware that will download onto your machine as soon as you open it. After that, everything you do online, each key you press on your keyboard, is recorded and passed on to the online criminal who created the malware.
You can guard against this sort of email phishing scam by knowing what to look for.
Be on the alert for misspellings in the subject line and body of the email; generic greetings; and deadlines — just like you would do for any other suspicious looking email.
When in doubt, contact your friend to see if they actually sent you a coupon, or just delete the email. And remember, that too-good-to-be-true deal probably isn't, Heilman warns.
Criminals will even take it one step further by creating fake daily deal sites — that look just like the real thing — designed to trick you into downloading malware. These sites often prompt you to install a toolbar so you can get the best deals. When you do, you are likely to download malware rather than coupons.
You should always avoid downloading any kind of toolbar; you never know what added problems you will get.
And coupon toolbars are no exceptions. Toolbars and related popups frequently deliver links to malware infected sites. Sometimes just clicking on an offered deal is all it takes to infect your computer with malware or spyware.
“Even legitimate coupon toolbars that alert you to new deals are very similar to malware and will run in the background without your knowledge,” Heilman said. “Coupon toolbars can tie up your computer's resources and gather information about your browsing habits. Many of these toolbars can redirect your browsing, serve up coupons that may contain malicious software or code, and even skew search results so you are directed to websites the toolbar promotes. It can be very difficult to remove toolbars because they tend to leave bits of themselves behind in hard-to-identify files.”
Imagine what could happen if criminals used a toolbar as a way to deliver bogus coupons that contained malware. The toolbar would do all the work of introducing the malware into the depths of your computer, and it could take a long time to detect and remove all the files that allow the malware to steal your information — if you even noticed what was happening, she said. Each deal the toolbar offered could lead to deeper infection, or report your personal information to another unknown recipient.
Be very wary of coupon printers, as well. Many coupon printers are on the level, but not all are.
Online criminals use coupon printers and fake coupons as a way to deliver malware, some of which is specifically designed to log keyboard keystrokes. That means that, once you have downloaded the coupon printer and the hidden malware, every time you shop online, log into your email, do some quick banking, or check your credit card balance, your username and password is logged and reported.
Avoid downloading any coupon printers that are not from well-known and reputable sites, and never download coupon printers or toolbars to a UGA-owned computer.
In fact, you should take steps to avoid downloading and installing anything on your work computer without clearing it with your departmental IT person first.
If you decide to install coupon toolbars or coupon printers on your personal computer, you should only do so if you are certain that your antivirus and anti-malware software are up to date.
Even then, it is best to avoid installing anything unless you can scan for malware before you activate and use the program. The most secure way to score online coupons and deals is to go directly to the website of the manufacturer or merchant offering them.