PandaLabs Offers Six Tips for Safe Online Shopping on Cyber Black Friday and Monday

Cyber criminals once again saying 'bah humbug!' to the holiday season and exploiting shoppers online

Nov 22, 2010, 13:45 ET from Panda Security

ORLANDO, Fla., Nov. 22, 2010 /PRNewswire/ -- PandaLabs, Panda Security's anti-malware laboratory, is advising holiday shoppers to be extra wary when shopping online this holiday season. As in past years, cyber criminals have launched a war on the season through a multitude of holiday-themed scareware, spam and Blackhat SEO attacks.

"Cyber criminals know this Friday and Monday are two of the biggest shopping days of the year, and Americans are going to be sharing tons of sensitive data online during this period," said Sean-Paul Correll, threat researcher at PandaLabs. "It's more important than ever for shoppers to follow best practices to avoid infecting their computers or turning over their private information into dangerous hands."

Most of the malware PandaLabs sees today is specifically built for extracting credit card information, social security numbers and other data which can be used to facilitate identity theft. In fact, 66 percent of the threats in PandaLabs' malware database are Trojans that specialize in sensitive data extraction. A video representation of how Banking Trojans work is available at

To stay safe, PandaLabs suggests holiday shoppers adhere to the following guidelines this Friday and Monday, and throughout the holiday shopping season:

  • Avoid using search engines for locating special holiday deals. Criminals commonly turn to Blackhat SEO, which involves maliciously using search engine optimization around hot keywords to poison search engine results. Instead of using a search engine, go directly to reputable sites that you are familiar with. Screenshots of a recent malicious Black Friday search result is available at  
  • Don't click on embedded links in advertisement e-mails. E-mails that appear to be advertisements from legitimate vendors could be a well-disguised scam or malware attack. Chances are you'll be able to find the same deal by going directly to the website in your favorite web browser.
  • Install all available operating system updates and patches. Cyber criminals are particularly skilled at exploiting critical vulnerabilities in operating systems and commonly used applications. Computer users are often silently redirected to a website with a carefully crafted malicious payload that leaves the computer infected with data-stealing malware or extortion-based threats. In addition to updating your system, PandaLabs strongly advises people to update Adobe Flash, Adobe Reader, and Java software, which are all commonly targeted by cyber criminals.
  • Don't underestimate criminals. Cyber criminals have no limits, and will create fake advertisements, shopping carts, poison various search terms and more in order to infect your computer and steal your personal data. If you're unsure if a site is legitimate, run a search online to see if you can determine whether it's widely known. If you can't find details on a retailer, PandaLabs advises holiday shoppers to take their business elsewhere.
  • Only purchase from sites that offer secure browsing (SSL/https). You can tell if a site uses SSL/https if there is a padlock icon on the bottom corner or in the address bar of your browser. Some browsers like Internet Explorer and Chrome turn the address bar green to indicate that the site is secure. Even if a site uses SSL/https, remember that SSL only works to create a secure Internet tunnel between you and the e-commerce server. You can still transmit sensitive data over to cyber criminals, so it's best to run frequent anti-malware scans.
  • Always use updated anti-malware protection. Despite growing awareness of today's Web-borne threats, many people still don't use even a basic anti-virus solution and leave themselves vulnerable to infections, data loss and identity theft. You can download Panda Security's award-winning Panda Cloud Antivirus software, which is completely free, at

For up-to-date research on cyber attacks, go to

About PandaLabs

Since 1990, PandaLabs, the malware research division of Panda Security, has led the industry in detecting, classifying and protecting consumers and businesses against new cyber threats. At the core of the operation is Collective Intelligence, a proprietary system that provides real-time protection by harnessing Panda's community of users to automatically detect, analyze, classify and disinfect more than 63,000 new malware samples daily. The automated classification is complemented by a highly specialized global team of threat analysts, each focused on a specific type of malware, such as viruses, Trojans, worms, spyware and other exploits, to ensure around-the-clock protection. Learn more about PandaLabs and subscribe to the PandaLabs blog at Follow Panda on Twitter: and Facebook:

SOURCE Panda Security