Once again, the holiday season is upon us! For me, this time of year means spending quality time with my family and friends. It represents a time for joy and kindness towards others. Unfortunately, not everyone shares this sentiment. During this time of year, cybercriminals and scammers like to get into the holiday spirit by increasing the quantity and sophistication of their scams to exploit victims for their own financial gains.
Cybercriminals and scammers often take advantage of the giving nature of people, especially during the holidays. They leverage social engineering and other techniques to prey on their victim’s emotions and feelings of goodwill during the season to attempt to steal money and personal information. They also attempt to hide their attacks in the flurry of shopping and other activities hoping that their actions will go unnoticed.
As we go into the holiday season, it is important that we all keep our guard up. Knowing some of what to look for goes a long way in staying cyber-safe. To help, here are a few of the more common scams to be on the lookout for.
Look-alike websites: As you do your holiday shopping, be sure the sites that you visit are legitimate. Watch out for URLs that use names of well-known brands along with extra words and characters. Look for “https” and a lock symbol in the web address to indicate that a site is using security. Look for misspelled words, requests for your personal information, and prices that seem especially low – especially for popular yet hard to find items. Chances are, those deals probably ARE too good to be true.
Fake shipping notifications: If you receive an email notification that “your package has shipped,” and you suspect that the notification is fake (i.e. you aren’t expecting a package), exercise extra caution. Be suspicious of invoices for things you didn’t order, especially if the price seems especially high. Certainly don’t click on the email on any attachments or embedded links because they could download malware onto your computer in an attempt to steal your personal information.
E-cards: We all enjoy holiday cards, even e-cards. But if you do receive one, beware of two red flags — the sender’s name is not clearly visible, or you are required to share personal information to get the card. Chances are, it’s a scam.
Emergency scams: If you get a call or email claiming a family member or friend has been arrested, has been in an accident, or was hospitalized while traveling, never send money unless you can confirm the incident. Contact them or others that know them directly, and use traditional methods for sharing funds directly with the individual.
Phony charities: People are usually in the giving spirit during the holiday season, and scammers take advantage of that with fake charity emails, social media pages, and even text messages. Make sure to verify that the charity is legitimate before contributing to it, and that any links provided are legitimate. Often, the best option is to go directly to the charity’s website to make a donation rather than using any links embedded in an email or website.
Unusual forms of payment: Be wary of anyone asking you to pay for holiday purchases using prepaid debit cards, wire transfers, third parties, etc. These payments often cannot be traced or undone if they are fraudulent transactions. Instead, shop with legitimate retailers that take traditional forms of payment and that provide things like receipts and a reasonable return policy.
Free gift cards: Pop-up ads or emails offering free gift cards may be legit – or, more likely, they are a phishing attempt to get your personal information it can later be sold on the dark web or used for identity theft. Again, if an opportunity sounds too good to be true, then it probably is. Do your due diligence by contacting the organizations or merchants supposedly offering them.
Swiping Safely: Since most credit card companies offer fraud protection on fraudulent transactions, and financial protection if your card is lost, stolen, or misused, consider using your credit card instead of your debit card when making holiday purchases – or even when making any larger purchase. When you need to get cash, it is best to find a bank and use the ATM located inside the building. If that is not an option, carefully inspect the ATM for card skimming devices or anything that looks out of the ordinary before inserting your card into the slot. ATMs are designed for thousands of transactions, so anything that can be wiggled, is the wrong size or color, or otherwise doesn’t seem to fit should be a warning sign.
Finally, if you see something, say something. Report suspicious activities to the merchants, banks, charities, and other organizations being misrepresented, as well as to the cybercrime division of your local law enforcement or the FBI’s Internet Crime Complaint Center.
The holidays can be a wonderful time of giving, celebrating, and gathering together with family and friends. Nothing can spoil the season more than being a victim of a cyber scam or other malicious activities. If you take the time to follow the guidelines posted above, you are likely to have the joyous season you have been anticipating.
Want to learn more about cybersecurity? Educate yourself. Find out more about Fortinet’s NSE Institute programs, including the Network Security Expert program, Network Security Academy program and FortiVets program.