The holidays are upon us and with them comes holiday cheer but not far behind is a Grinch. This Grinch is neither green nor fuzzy, nor does this Grinch look and sound like Jim Carrey. This Grinch comes in the form of cyber criminals who have hearts two sizes too small. These cyber criminals distribute scams during the holiday season that are designed to separate victims from their money during the most expensive time of year. There are numerous scams that everyone needs to be on the lookout for, and no doubt there will be new scams this year that we haven’t seen before. Keep the following things in mind this holiday season to avoid holiday scams:
- Don’t click on links or download attachments in unsolicited emails.
- Be skeptical of all offers that seem “to good to be true.”
- Only make purchases from reputable vendors.
- Research companies and organizations before providing personal or payment information. (if at all suspicious, don’t provide any information)
- Use anti-virus software to protect your device (and your information) when you’re not paying attention.
- Stay up to date with operating system, application and antivirus updates to help protect your devices from malware.
The following is a list of scams that are proliferated during the holiday season. Knowing what to look for will help you avoid falling victim to these scams and keep your holiday spirit from boiling over into holiday frenzy.
Fake Delivery Scams – During the holidays shipping companies experience a radical spike in business. Ever the clever clogs, scammers are now exploiting this trend and sending out fake emails that spoof major shipping companies such as FedEx. These emails suggest that a delivery company was unable to deliver a package and requests that the recipient download a “shipping receipt” that is attached to the email and take it to the nearest shipping location. Unfortunately, the only package to be delivered is the malicious file attached to the email. The attached file, falsely referred to as a “shipping receipt,” will either download malware to the computer/mobile device or redirect the user to a phishing scam website to harvest personal information. These scams are designed to obtain enough information to steal the victim’s identity. Not in the spirit of the holidays.
How to avoid this scam: Email scams can often be spotted by reviewing the sender’s email address; a real email should be sent from an official email address such as “example@FedEx.com.”A scam email claiming to be FedEx will be sent from an unofficial email address such as “email@example.com” or a generic free service such as “firstname.lastname@example.org”. Major companies never use free email services such as Google, Yahoo, or Hotmail. Never download attachments from an unknown source and avoid clicking links contained in unsolicited emails. Instead visit an organizations official website and search for further information.
Gift Card Scams – Be wary of unpackaged gift cards sold in store on gift card displays. Using cheap, easy to obtain magnetic card readers, scammers are visiting stores and scanning unpackaged gift cards to obtain the gift card number. Then they will simply wait a few days and call the gift card hotline to see if the gift card has been activated and what balance remains. Then using the newly activated gift card they can shop freely online using the hard earned money of others.
How to avoid this scam: Avoid purchasing unpackaged gift cards; preferably purchase a gift card from a customer service agent who has access to gift cards that are not publicly displayed. Gift cards that are sealed in non-clear packaging are safe to purchase as any tampering is clearly evident.
Charity Scams – Truly a low point, even for scammers. Fake telemarketers, emails, and websites can be found requesting charitable donations for specified causes. Currently a popular charity scam is requesting donations to assist with the recovery effort from Typhoon Haiyan in the Philippines. Don’t let this stop you from donating to charity, just be vigilant to make sure your donations will reach the desired recipients and not line the pockets of criminals.
How to avoid this scam: Research charities with the Better Business Bureau to check that the charity is both real and trustworthy. You may also find that you’re surprised with the BBB ratings of some of the most well known charities.
Online Coupon Scams – Phishing websites and emails have been spotted offering exclusive coupons and often going as far as offering products for free. These websites are designed to trick users into providing sensitive personal information that can be used to steal the victim’s identity. In exchange these websites advertise that the victim will receive exclusive (but nonexistent) coupons or even free products. Unfortunately, neither the coupons nor the products are likely to exist and the victim can be left repairing their finances after identity theft.
How to avoid this scam: Even during the holiday season when there are so many shopping deals to be had it is important to be cautious. Avoid deals from suspicious websites and only shop on official URL’s of reputable retailers.
Fake Holiday e-Card malware – E-Cards are a popular way to spread holiday cheer to family and friends but sadly cybercriminals are using them to spread holiday malware. These fake e-cards often contain malicious attachments that will deliver malware to the computer, or mobile device, when downloaded.
How to avoid this scam: These fake e-card emails are generally sent by spam bots. The email used to send these fake e-cards should be unfamiliar to the victims. Never open an attachment in an unsolicited email. Be sure to use antivirus software on all your devices (computers, tablets and smartphones) to help avoid a malware infection.
SMS Scams – Holiday shoppers are always looking for the best deals, so when shoppers receive a text message stating that they could receive exclusive products or even free gift cards they are understandably interested. This scam is very similar to the email and website phishing scams that offer coupons and free products but is instead delivered via SMS messages. This kind of text messaging scam is known as “smishing.” As with the website and email phishing scams, these smishing scams are designed to trick victims into providing personal information that can be used to steal their identity.
How to avoid this scam: Be cautious of all unsolicited text messages. Instead of ignoring these messages respond with a message containing only the word “STOP”. This is a universal cease and desist keyword that must be respected by SMS messaging companies. Keep in mind cyber criminals tend not to follow the rules so you may also want to call your mobile service provider to report the offending phone number and have it blocked.
Computer/Mobile Malware – Malware is a year round threat but typically during the holidays there is a malware boom. While there is no way to pinpoint the exact cause of the holiday malware boom it seems quite likely that it is due to electronics as gifts. Malware authors have a larger group of users to target and a larger number of users unfamiliar with the signs and symptoms of malware.
How to avoid this scam: Always use anti-virus software on your computer and mobile devices (including smart phones). Also make sure the operating system, applications, and antivirus is up to date to help prevent malware from infecting your device.
- License: Image author owned
James Green is a security researcher for Android antivirus company Armor for Android. James has worked in the Android security field for several years and provides privacy and security advice to Android users.