There once was a time when the biggest shopping scams were overpriced department stores and fake purses. But now shoppers should be on alert for Cyber Monday, which creates a whole new arena for ripping you off.

“All signs point to 2012 being the biggest year yet for scammers,” said Mark Risher, the chief executive of business security provider Impermium, in an email to VentureBeat. “In the week leading up to Cyber Monday, we’ve already seen a five-time increase in the amount of shopping-related spam across social networks.”

Cyber Monday is a term the National Retail Federation created in 2005 to call attention to all the online shopping you’ll probably be doing on the Monday after Thanksgiving, when you’re back at work and failing to be productive. Over time, it’s turned into a semi-big deal, with lots of discounts, coupons, and other bargains.

Cyber criminals go where the money is and where the easiest targets are, and Cyber Monday brings both of these together. People are on the hunt for good deals, and they are prepared to spend their dollars. It’s an ideal opportunity for a criminal to slip in and get you to click on a fake deal — the Internet equivalent to “Psst, hey, there are some Louis Vuitton bags down that alleyway.”

Indeed, social media is going to be hit hard with fake deals and likely even viruses that spread messages heralding savings. Criminals like to target social media because you inherently trust posts from your friends. If they can post a status to your friend’s Facebook wall on your behalf, he’s likely to believe it’s you that posted the status update, and click the link.

Pinterest users should also watch out. We saw a rash of Pinterest scams in March in which clicking a picture on its network leads to a spammy website. Since then, Pinterest is doing better at blocking these websites. It also tells you if you are being redirected to a different site when you click on a pin. Still, click with care.

Shoppers should be wary of public Wi-Fi hotspots. With smartphones today, a lot of people shop in malls, doing comparison shopping. According to a study by security company McAfee, 73 percent of Americans feel comfortable using public Wi-Fi, and 54 percent of Americans plan on using their phones to shop this holiday season. But you never know who is snooping the traffic on that hotspot that advertises itself as “free public Wi-Fi,” collecting all the data you’re transmitting.

Be sure to only make payments over a secure Internet connection to avoid getting your information — and maybe even identity — stolen.

According to Risher, the concerns about mobile shopping don’t end there.

“Mobile devices present an extra problem, because the small screens make it difficult for users to see where a link is leading” unlike on a desktop browser, where users can hover over the link to see its true destination, Risher said. “In these circumstances, users should be extremely cautious about entering their username or password on any pages they reach through a click. When in doubt, always browse to the site directly or use a bookmark to ensure against phishing and fraud.”

Bitdefender, a Romanian anti-virus company, says shoppers should look out for any offers of a “Platinum Card for Cyber Monday” advertisements. These are fake and infect the computer with malware when clicked.

If you do fall for one of these scams, Risher says to pay close attention to your credit card statements for any unusual activity.

“In addition, customers should ensure their anti-virus software is up-to-date and running regularly, as many shady sites can also harbor viruses and malware,” Bitdefender advises.

Hacker image via Shutterstock

I like reading academic papers. They are a glimpse into the minds of talented researchers and provide a great view of what’s next in the infrastructure startup world.

A colleague recently forwarded me a tweet about a paper by Cormac Herley of Microsoft Research. It had one of the most attention-getting titles I’d seen in a while: Why do Nigerian Scammers Say They are from Nigeria?

It’s a great question. Most everyone is familiar with the Nigerian email scam by now. A distant relative of a prince, dictator, or civil servant claims to be in control of a pile of money they must transfer out of their third-world country. The scammer emails the victim with an impassioned plea for their help, and in exchange they offer to split some of the (fictional) money with the victim. The victim is ultimately convinced to put up some of their own (real) money to cover transfer fees, expenses, etc., and disaster ensues.

I’ve always wondered why scammers continue to send emails that the average person can quickly detect as bogus. Why not improve them in some way to get around the defenses we’ve built up to this scam and draw us in with something more compelling? In thinking about “scam optimization” my questions always focused on how to modify victim behavior to attract more attention and lure in more potential victims (improve the pitch, fix the crappy English, come up with a more original ruse, etc.) However, Microsoft’s Herley thinks a bit differently. He looks at the problem from the perspective of the scammer, and draws some good conclusions about how and why they optimize this particular type of “attack”.

The answer to his original question is pretty straight forward. The scammer’s biggest problem is getting false positives. There just aren’t enough victims who’ll fall for the pitch to begin with, regardless of how well constructed the pitch might be. But there are clearly enough prospects out there to make the entire exercise a good use of time — assuming the scammer can focus on the likely victims instead of every potential victim. By weeding out the vast majority of victims who will never reach fruition, despite early interest, the scammer can pursue the potential victims who do show interest in a pitch with much more confidence.

Essentially, scammers face an optimization problem. Touching a huge number of potential victims is easy. The real cost is the time spent converting a prospective victim into an actual victim. The scammer has to spend time to build the victim’s confidence to the point where they wire some amount of their money to the scammer.  The opportunity cost here is massive.  Spending time on a prospect that ultimately gets cold-feet is the worst possible outcome for the scammer. Not only did they fail to collect any money, but they wasted a bunch of time getting a “no.” The longer that victim took to ultimately back out, the higher the scammer’s cost. Since time is a real constraint, finding a way to steer clear of people who start a conversation but won’t ultimately send money is just as important as nurturing the rare victim who will end up handing over his or her cash.

Now, re-read the preceding two paragraphs, and replace the word “scammer” with “entrepreneur”, and the word “victim” with “investor”.

I’ll wait while you do it.

The parallels are real, and worth thinking about. Of course there are many differences between startup fundraising and Nigerian email scams, but there are lessons to be learned. I believe strongly that entrepreneurs must recognize that fundraising is also an optimization problem, and that they will be faced with tough questions like: Should I talk to 15 prospective investors or just five? Am I comfortable missing one investor who would have said “yes” if it means avoiding 10 conversations with investors who would never fund me to begin with?

The constant limiting factor facing an entrepreneur is time. It is often said — quite accurately — that getting to a “yes” is the best outcome, getting to a “fast no” ranks a close second, and that the “slow no” is the worst outcome of all. In a frothy fund-raising environment filled with angels, seed funds, and VC firms, the false-positive problem is very real for entrepreneurs. Everyone wants to play investor. Nobody wants to miss out on hearing a hot pitch. Getting the first meeting is easy, but separating the tire-kickers from the likely investors is the hard part. Spending your time with the former distracts you from the latter, and, more importantly, sucks time away from building your product and you growing your team.

Entrepreneurs need to develop their own framework for detecting false-positives among investors that fit their particular situation. Here are some questions you should be willing to apply as filters to every potential investor you consider:

• Have they invested in my industry before? At my current stage?
• Do they write the size check I need? Am I too big or too small of a deal for them?
• Is there any evidence that they are trying to invest behind the trends driving my business? Can they articulate a theme or thesis that maps to my market space?
• How much due diligence will they do? How can I stage the diligence to get them to a “fast no” rather than a “slow no?”
• How involved do they get with other investments they make? Is that a fit for what I want out of my investment partners?
• Do they have other investments in their portfolio that corroborate / contradict my world view and mission as a startup?

Being realistic in your answers to these questions will save you tremendous amounts of time. The reality is that most companies are not a fit for most prospective investors. The simple math says that for every “yes” there will likely be many, many “no’s”.  Modifying behavior to fit that dynamic is tough for almost everyone.  It doesn’t feel good to be told “no”, and it’s much easier to spend time with people who give you distant hope of getting to “yes”.  It’s even easier to modify your message, tweak your pitch, or otherwise hope to change the ingrained biases of most investors, instead of hunting for the much smaller number of investors who are ready, willing, and able to fund your company.

Optimize your fundraising behavior. Confidently weeding out the likely “no’s” will pay dividends as you focus your time on the investors who have a real chance of getting to “yes”.

Sunil Dhaliwal is a general partner at Battery Ventures, where he invests in IT infrastructure, distributed systems technology and data analytics. His investments include Agari, Continuuity, Fastly, Netezza, Opscode, Precidian Investments, and Splunk. He blogs at The Whole Stack. Reach him on Twitter or at sunil@battery.com.

Top photo credit: lenetstan/Shutterstock

We’ve known for a while that spam was jumping on the Pinterest train. Now, security software service McAfee is sending out an official warning to keep an eye out for fraudulent pins.

According to McAfee, hackers have created entire toolkits that make it fast and easy to deploy new spam campaigns on the social network. Pinterest displays “pins,” or images taken from around the Web, to a “board.” These images are outbound links to various websites, and are ripe for exploitation.

“These tools are so easy that many require only the attacker or scammer to change a couple of lines of code in the available kit,” said McAfee senior research engineer Hardik Shah in a blog post. “They can literally start a new Pinterest scam within minutes!”

The toolkits come with software that has the ability to “mass-like” pins, add an account creator, mass-follow people, automate fake commenting activity, and more. These toolkits have been behind much of the malware distribution in 2011. They allow hackers/scammers to automate the process of creating unwanted content (see: Internet-crap & spam), and then distribute it.

We found a scam on Pinterest in early March that showed a picture of a Cheesecake Factory coupon, promising free gift cards to all users. Scams are often touted as a “Pinterest special,” available only for users of this special, new social site. And because it is a special, new social site, people believe the fake offer. Many of these scams also ask a user to “re-pin” the image first (broadening the circle of lies), and will then prompt that user to take a survey. This kind of activity falls in line with phishing scams, as opposed to malware attacks.

McAfee warns that if a website asks you to re-pin before delivering the content, it’s most likely a scam. The security firm also makes the point that Pinterest users should beware of affiliate link spam, which is when scammers lure bystanders to an Amazon page that is associated with the scammer’s account. When that person subsequently buys something on Amazon, the company pays a commission to the scammer.

Beware of pins that lead you to website that masquerade as Pinterest as well. These will try to push the same, “You won this contest!” type of pin, and they are generally fake.