At last, the 2020 holiday season is upon many of us! It has certainly been a very chaotic year filled with uncertainty and fear. However, the one thing that remains certain is that cybercriminals haven’t slowed down. Even though the holidays should represent a time for joy and good will towards others, unfortunately, not everyone shares this sentiment. During this time of year, cybercriminals and scammers get into the holiday spirit by increasing the quantity and sophistication of their scams to exploit victims for their own financial gains.
Cybercriminals and scammers look to take advantage of the giving nature of people. They leverage social engineering and other techniques to prey on their victim’s feelings and emotions, as an attempt to steal money and personal information. As many people are shopping early this year, due to concerns over Covid related closures and shipping delays, it is important that we keep our guard up. Below are a few scams to be on the lookout for:
- Look-alike fake websites: As you do your holiday shopping, be sure the sites that you visit are legitimate. Watch out for URLs that use names of well-known brands along with extra words and characters. Look for “https” and a lock symbol in the web address to indicate that a site is using security.
- Social Media Deals: Cybercriminals have ways to track what you search for online and will serve up ads through social media platforms that falsely offer those hard-to-find items with tempting discounts. A paid advertisement may seem trustworthy – be warned! These ads target the buyer market, and anyone can pay to put an ad on social media, including criminals.
- Fake shipping notifications: If you suspect the notification is fake (i.e. you aren’t expecting a package), don’t click on them because they can have attachments or links embedded in them that could download malware onto your computer in an attempt to steal your personal information.
- E-cards: Beware of two red flags — the sender’s name is not clearly visible or you are required to share personal information to get the card.
- Emergency scams: If you get a call or email claiming a family member or friend has been arrested, in an accident, or hospitalized while traveling, never send money unless you can confirm the incident.
- Phony charities: People are usually in the giving spirit during the holiday season, and scammers take advantage of that with fake charity emails, social media pages, and even text messages. Make sure to verify that the charity is legitimate before contributing to it.
- Unusual forms of payment: Be wary of anyone asking you to pay for holiday purchases using prepaid debit cards, wire transfers, third parties, etc. These payments often cannot be traced or undone if they are fraudulent transactions. Instead, use credit cards that offer fraud protection and puts zero liability on the consumer.
- Free gift cards: Pop-up ads or emails offering free gift cards may be legit or a phishing attempt to get your personal information that can later be used for identity theft. If it sounds too good to be true, then it probably is.
Attack vectors during the holidays remain largely the same, year after year, with social engineering the most-used attack methodology. These attacks focus on human nature more than a software vulnerability or system exploit, and often originate from people and places that the victim knows and trusts. Cybercriminals only need one victim to fall for their trick to make it worth their investment. Always remember to have your guard up to protect yourself while enjoying the ease of online shopping because cybercriminals will use any situation to their advantage, especially when it comes to the holiday shopping season.
Find out more about Fortinet’s NSE Training Institute programs, including the Certification Program, Security Academy Program and Veterans Program, which provide critical cybersecurity training and education to help solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.