Business

Distracted by holiday stress? E-mail hackers are banking on it

The logo of Amazon is seen on a package at the Amazon distribution center warehouse in Saran, near Orleans, France, November 22, 2016. REUTERS/Philippe Wojazer

Philippe Wojazer/REUTERS

Citing fake messages that appear to come from Amazon, cyber-security specialists are warning shoppers to be on guard during the stressful holiday season against disguised e-mails from digital scam artists that put their bank accounts at risk.

These “phishing” messages can look remarkably legitimate, aping the logos, language, and Web addresses of e-mails from shipping companies or shopping websites. But clicking on the wrong link can give hackers an opening to steal bank-account information or hold computers hostage until they collect a ransom.

Advertisement

Earlier this week, researchers from IBM identified a phishing campaign that appeared to come from an actual Amazon.com corporate e-mail address, with a subject line reading: “Your Amazon.com order has dispatched,” along with a fake tracking number.

The messages contained an attachment that downloaded a program called Locky, a type of ransomware that renders someone’s digital files inaccessible until they cough up a payment, typically several hundred dollars’ worth of the cryptocurrency bitcoin, said Caleb Barlow, a vice president with Cambridge’s IBM security division.

Get Talking Points in your inbox:
An afternoon recap of the day’s most important business news, delivered weekdays.
Thank you for signing up! Sign up for more newsletters here

“The quality of these is really high. You’ve got to be paying attention to not fall victim,” he said.

E-mail ripoffs are nothing new. But Barlow said their growing sophistication reflects the highly developed underground economies that have sprouted up around cybercrime.

“What we’re dealing with here is not a bored teenager,” Barlow said. “We’re talking about organized crime on an epic scale . . . and they’re structured like highly legitimate businesses.”

Advertisement

Like any other business, an e-mail scammer often exploits moments of high stress or cultural distraction, such as elections, major sporting events, or the holidays, when someone’s normal skepticism may be compromised.

Amazon declined to comment, but the company posts detailed Web pages to help consumers identify fake e-mails and to report suspect messages.

One of those tips is pretty basic: If an e-mail seems questionable, don’t click on anything. Just go directly to the company’s website instead.

IBM also recommends using credit cards instead of debit cards when possible for online shopping. Because the credit card issuer is acting as a middleman, rather than directly tapping your bank balance, it can be faster and easier to get bogus charges wiped from the record.

Keeping e-mail accounts segregated can also be a good approach. If you set up one e-mail account dedicated to online shopping, and keep it separate from accounts that have banking and other sensitive information, it’s much tougher for a hacker to turn a shopping scam into a broader data heist. Barlow also suggests never using your work e-mail address for shopping or similar transactions.

Curt Woodward can be reached at curt.woodward@globe.com. Follow him on Twitter @curtwoodward.
Loading comments...
Real journalists. Real journalism. Subscribe to The Boston Globe today.
You're reading  1 of 5 free articles.
Get UNLIMITED access for only 99¢ per week Subscribe Now >
You're reading1 of 5 free articles.Keep scrolling to see more articles recomended for you Subscribe now
We hope you've enjoyed your 5 free articles.
Continue reading by subscribing to Globe.com for just 99¢.
 Already a member? Log in Home
Subscriber Log In

We hope you've enjoyed your 5 free articles'

Stay informed with unlimited access to Boston’s trusted news source.

  • High-quality journalism from the region’s largest newsroom
  • Convenient access across all of your devices
  • Today’s Headlines daily newsletter
  • Subscriber-only access to exclusive offers, events, contests, eBooks, and more
  • Less than 25¢ a week
Marketing image of BostonGlobe.com
Marketing image of BostonGlobe.com