According to new research from managed security firm Network Box into web-based security threats, more than 57% of all threats were phishing attacks, compared to 28.3% in November.

The firm’s analysis of web-based threats in December 2009 shows that just over 57 per cent of all threats were phishing attacks, compared to 28.3 per cent in November.

“The run up to Christmas is traditionally a time for hackers to strike the vulnerable. A higher proportion of shopping is done online, with more money spent than at any other time of year,” warned Network Box internet security analyst Simon Heron.

“Christmas offers rich pickings for phishers. This is likely to continue through the sales in January, and we urge online bargain hunters to be vigilant.”

The firm found that the Brazil was the greatest source of viruses and spam during that time, accounting for 20.9% of all viruses and 9.1% of all spam originated in December. The figure was up from 14% and 8% respectively in November.

The advice to users is to ensure that their antivirus software is fully updated.

It is also expected to be another huge year for online retailers, with sales on the Monday following Thanksgiving, the busiest single day for online Christmas shopping in the US, hitting $534 million. In other parts of the world, it is a similar story. In the UK for instance, the Monday following the first weekend in December is considered to be the biggest shopping day for online retailers with shoppers spending an estimated £320m ($533m) on that day alone last year.

But whilst many shoppers will be busy considering what gifts to pick up in the festive sales, one thought that often slips by is whether online shopping remains secure.

Most of us have become conditioned to spotting the key security signs when it comes to shopping securely online. The “padlock” symbol in the bottom corner of the browser window and the “https” in the URL bar are both signs that we are entering our credit card details over a secure connection. Many card providers also employ additional layers of security to ensure that the person using the card is indeed the owner. Mastercard use a system known as Securecode whilst Visa’s equivalent is known as Verified by Visa.

But what if things do go wrong? We you covered in case the worst happens? Well, whilst the law varies from country to country, it is possible that a bank or credit card may not cover any fraudulent card activity if you do not use any antivirus software on your PC.

Credit card fraud is a big issue, with the internet contributing a significant amount to the overall bill. In the US, around 7 cents in every $100 spent is thought to be fraudulent whilst the bill for fraud in the UK ran at £535m ($892.8m) in 2006.

In the US, legislation in the event of fraud is quite favourable to the consumer. If the card holder becomes the victim of fraud and reports this to their card issuer, they are usually reimbursed in full, although the law does allow for customers to bear a maximum $50 liability. The cost for the fraudulent transaction in this case is borne by the merchant (the seller of the goods).

In the UK however, the cost of the fraudulent activity is the responsibility of the issuing bank. Credit cards and bank accounts in the UK are covered by the banking code which, whilst protecting customers, places the onus on the customer to take care of their cards and financial transactions.

Interestingly, this duty of care makes explicit reference to antivirus software on a user’s PC. Clause 12.1 of the banking code states:

“Keep your PC secure. Use up-to-date anti-virus and spyware software and a personal firewall.”

Clause 12.11 later states:

“If you act fraudulently, you will be responsible for all losses on your account. If you act without reasonable care, and this causes losses, you may be responsible for them. (This may apply, for example, if you do not follow section 12.5 or 12.9 or you do not keep to your account’s terms and conditions.)”

Whilst there have been no reported cases of banks or lenders refusing to insure fraud losses due to a lack of antivirus software or spyware removal tools, it is conceivable that a lender could deem a lack of anti-malware software as “acting without reasonable care”.

The advice therefore is to ensure that if you are shopping online this Christmas, avoid a nasty surprise by making sure that all transactions take place on a computer which has an up-to-date antivirus software package.

The new Emue Card is being trialled by 500 employees of the accounting firm Deliotte until the end of the year and is the latest weapon in battle against online fraud.

Whilst a number of innovations have been generally successful in reducing traditional examples of credit card fraud, such as the introduction of Chip & Pin terminals in parts of Europe, the level of “card holder not present” fraud, which relates to transactions occurring online, by post or by phone, has increased in recent years to the point where it makes up 50% of all fraudulent credit card activity.

The new card features an embedded keypad and numeric display. To make a purchase, the user enters their PIN into the card which then generates a unique security code which is then entered into the payment screen. This code is then used by the merchant verify the purchase.

To access the security code, a would-be fraudster must have both the card and the PIN number to be able to make a purchase online.

Sandra Alzetta, head of innovation at Visa, told the BBC that the card was bringing the principles of chip and pin technology to the online world.

“The card needs to be globally compatible: that means embossed characters for mechanical swipes, a magnetic strip for systems that require a signature, the fixed three digit security code and now the unique four figure code.

“You have to remember that our cards work across the world and not every country or retailer has access to the level of technology we might be used to,” she said.

According to figures released by Apacs, the UK payments association, earlier this year, £328.4m was lost to “cardholder not present” fraud in 2008.

Sir Tim, who first published the idea of creating the web as an easy means of sharing electronic data 20 years ago this month, revealed to the Daily Telegraph that he had been conned when trying to buy a Christmas present. It was only when the item didn’t arrive that he realised that he had been conned.

The scam came to light as Sir Tim was preparing to speak at the Web Science 09 event, where he is expected to express concerns over online security.

“The worst thing that has happened to me was when I tried to buy a Christmas present from a company that looked like a bona fide company on the internet and then actually they were a completely fake company,” he told the Telegraph. “I think I am yet to get the money back, but it wasn’t a lot.

“The moment I called the 0800 number listed on the website, there was a very polite message saying this number is available if you would like to use it, so a little bit of due diligence on my part would have revealed it wasn’t what it was set up to be.”

Sir Tim said he felt that international agreements were needed to ensure that those involved in online crime didn’t escape punishment.

He said: “There have been many positive things about the web, but there are also some nasty things out there too. You can find out how to cure diseases, but you can also find out how to make bombs.

“Sometimes we need new laws, but in other cases we need to realise that old laws can still be applied to the web.

“We need to tackle issues of enforcement instead, as the laws on fraud, for example, already exist but is hard to find and catch the people responsible.”

He added: “There is a lot of malicious traffic that is viruses talking to each other. When a virus infects somebody’s machine they make programmes that send out emails, which are the bane of the internet and is responsible for much of the spam.

“I personally feel that if you have systems that allow you to isolate the infected systems and cut them off until they have been disinfected, it would be a way of preserving service for everyone else.

“It would reduce the amount of spam by a huge amount and making the internet a place where viruses don’t thrive.”

It’s estimated that in the UK, December 8th will be the busiest day of the year for online retailers, with £13.16bn being spent online in the final quarter of the year – a 15% increase on last year whilst in the US, it’s claimed that at least 88% of shoppers will at least research gift ideas online whilst 77% will carry out at least half of their Christmas shopping online.

But whilst online shopping is a growing phenomonon, the security risks that has been commonly associated with online shopping remain. In the UK last year, fraudulent credit / debit card activity for “card holder not present” transactions, whereby the card holder is not physically present in the place of business (such as online or telephone transactions), totalled £290.5m ($430.6m) according to Apacs, who monitor all credit and debit card activity in the UK.

Like with most aspects of internet security however, it is possible to take some simple steps to protect yourself from fraud.

Install internet security software.

Internet security software can help to distinguish illegitimate websites which could be attempting to appear as bona fide businesses. An email scanner will also catch any potential spam emails which may attempt to entice you into ordering from fraudulent sources.
It is also worth noting that whilst most fraudulent acts wth credit / debit cards are ensured, many banks insist that you take “reasonable care” with your card usage. Ordering goods online on a PC that does not have any form of antivirus or security software may be deemed as a breach of this condition.

Check that the company is legitimate.

A flashy website does not mean that the company is law-abiding, so take care when ordering from sites that you have not used before.
Legitimate traders will usually display a trading address and landline telephone number which you can contact. If in doubt, a simple search should uncover reviews of the retailer from previous customers.
If buying on eBay, make sure that you check the sellers feedback and read any negative comments that may have been left

Take into account the postage costs.

With many online retailers, the price that you see is not always the price that you pay. Make sure that you note down any postage and packaging costs, credit card surcharges and admin fees.

Use a secure site.

When ordering online, make sure that you do not enter any personal details or payment information on a side that is not sercurely encrypted. Most legitimate retailers use a SSL (secure socket layer) TLS (transport layer security) connection to prevent your data being intercepted or views by a third party. A secure site will be indicated by a padlock image on the bottom bar of your browser.
If paying for products bought on eBay, it is recommended that you use PayPal as a means of payment rather than cheque or money transfer as this this gives you more protection as a consumer.

Check the terms and conditions.

Read the terms and conditions of the retailer before placing your order and ensure that you are aware of the company’s privacy policy, cancellation policy and delivery proceedures.