Tis the season to be wary, fa la la la la la la la la.
The holidays are just around the corner and as we prepare for the excitement and mayhem of holiday planning and shopping, we must not forget that we are not alone. Cybercriminals, too, are looking forward to the hubbub of holiday cheer, readying themselves to take advantage of various aspects of our lives: our desire to spend time with our families, our socially connected lifestyles, our penchant for owning mobile devices, and our collective good spirit.
Listed below are 12 of the most popular holiday cyber scams. Take a look, spread awareness amongst your family and friends, and keep everyone Internet-safe and happy.
Taking advantage of your family
Hotel “wrong transaction” malware emails
Many of us travel over the holidays to unwind, recharge and refresh ourselves. Whether we’re travelling to see friends and family or vacationing with loved ones, all we want to do is to spend some time alone with the people we care about. One of the last things on our minds is to worry about scams, but cybercriminals have created a way to take advantage of our desire for some family time. It has come to McAfee’s attention that scammers have taken to sending out emails that appear to be from a hotel, notifying recipients of a “wrong transaction” that has been charged to their credit cards. Of course, this type of notice is alarming to anyone who receives it, and generally, their first instinct is to download the attached refund form to get their money back. And with a click of a button, victims download malware onto the machines, and there’s no telling what sorts of mischievous activities will follow.
Tip: Play it safe and remember to never open an email from an unfamiliar sender. When in doubt, always call the establishment from which the email seems to have been delivered.
Mystery shopper scams
The holidays would not be complete without holiday shopping for your loved ones, and we could all use a little extra cash to get the perfect gift for that special someone. Some of us pick up seasonal jobs to help finance the gift-giving season, and one of the most popular jobs is that of the mystery shopper, hired to go undercover at a store and report back about the customer service they received. Taking advantage of our generous and hardworking spirit, cybercriminals have taken to sending out text messages to “recruit” mystery shoppers, instructing them to call a number to inquire about the position. Once they call, criminals request their personal information, including credit card and bank account numbers.
Tip: Always remember that legitimate companies would never ask for this information or recruit employees with text messages.
Taking advantage of your connected lifestyle
“I’m away from home” scams
Are you connected to people you don’t know on social networks like Facebook? And do you openly broadcast your travel plans and whereabouts? You can probably see where this is going – there is an inherent risk with letting people know that you will be away from home. Burglars can be pretty tech savvy, and in this day and age, online searches can easily turn up anyone’s home address, and publicizing that your home will be vacant is almost akin to inviting someone to rob you.
Tip: Don’t connect with people you don’t know, and don’t publicize that your home will be empty and open for burglary.
Phony Facebook promotions and contests
It’s not uncommon for companies to advertise great deals and contests on Facebook, and generally, when we see promotions and prizes that look interesting, our first reaction is to sign up. After all, who doesn’t love getting free stuff and saving money? Cybercriminals know this, and will create phony promotions and contests to lure participants, request them to fill out multiple surveys with their personal information, and then pass on this information to spam and telemarketing companies.
Tip: If something sounds too good to be true, it probably is. There is no such thing as a free lunch, and your personal information is much more valuable than anything that any company could offer.
Scareware, or fake antivirus software
Scare is fake antivirus software that tricks users into believing that their computer is at risk of infection, or is already infected, so they agree to download and pay for phony software. With an estimated one million victims worldwide falling for this scam every day, this is one of the most common and dangerous Internet threats.[1] In October 2010, McAfee reported that scareware represented 23 per cent of all dangerous Internet links.[2] Since many consumers typically receive new computers for the holidays, we expect an increase in scareware scams.
Tip: The safest way to go about purchasing security software is by going directly to the website of legitimate vendors or well-established retail outlets.
Malicious content and websites
We tend to spend more time online during the holiday season searching for gifts and other holiday ideas, and will often run into holiday-themed content like ringtones and e-cards that we may want to download. It’s important to remember that there’s a possibility that a good percentage of the content available on the Internet is malicious. In fact, McAfee has found that within the top 100 results of daily top search terms, nearly 50 per cent lead to malicious sites.[3]
Tip: Always use a safe search tool such as McAfee® SiteAdvisor® software, which tells you right in the search results page if a site is safe to click on.
Taking advantage of your mobile devices
Malicious mobile apps
According to a recent McAfee-commissioned global study to assess the attitudes of Internet users all over the world when it comes to such topics as Web security and data protection, 60 per cent of average home Internet users now own at least three digital devices, like PCs, Macs, smartphones and tablets, per household, with 25 per cent of users now owning at least five devices.[4] The growing popularity of mobile devices has proved irresistible to cybercriminals and they’re now increasingly targeting mobile users with malicious applications often disguised as fun downloads like games. These are designed to steal personal information from smartphones or send out expensive text messages.
Tip: Remember to only download apps from official app stores, such as iTunes and the Android Market. It’s also useful to read users’ reviews before downloading them.
Mac malware
The percentage of consumers who own Apple Mac and iOS devices is growing rapidly, and cybercriminals are taking advantage of this by designing a new wave of malware directed as these operating systems. While Apple machines and devices were once seen as insulated from Internet security threats, malware targeting the Mac platform has recently increased by 10 per cent a month,[5] and McAfee predicts that iPhones and iPads are next.
Tip: Always be sure to download Mac updates and install security software such as McAfee® Internet Security onto all iOS devices.
Taking advantage of the holiday spirit
Zombie infections
Computer zombies are just as scary as the walking-dead kind. They are infected computers that are being remotely controlled by a hacker without the owner’s knowledge, and they send out spam and try to infect other unsuspecting systems. Getting infected by a zombie is as easy as clicking on an attachment in a holiday-themed spam email.
Tip: Practice safe surfing and always use antivirus protection.
Holiday phishing scams
There are many seasonal traditions and activities that consumers engage in, including the sending of packages and greetings and participating in and donating to charities. Knowing this, cybercriminals tailor their emails and messages with holiday themes in the hopes of phishing recipients into revealing personal information. Phishing is the act of tricking consumers into revealing information or performing actions they wouldn’t normally do online.
A common holiday phishing scam is a phony notice from a local courier service stating that you have a package and need to fill out an attached form to get it delivered. The form may ask for personal or financial details that will go straight into the hands of the cyberscammer.
Fake charity requests are another popular scam this time of the year. Be suspicious of any unsolicited emails and never respond with sensitive information. If you would like to donate to a charity, pick a well-established organization and contact them directly through their website.
Tip: Always be careful where you click and be sure to scope out the situation before providing your personal information.
Online coupon scams
Couponing has become wildly popular and there’s nothing better than a deal during the holidays. Scammers know that by offering irresistible online coupons, they can convince people to hand over some of their personal information. For example, they could require consumers to provide financial information such as their credit card number to redeem the coupon. And in some cases, scammers are circulating fake coupons that consumers cannot redeem.
Tip: Use reputable coupon sites and always remember that if an offer seems too good to be true, it probably is.
“It” gift scams
Every year there are hot holiday gifts, such as toys and gadgets, that sell out early in the season. Gift-givers sometimes become desperate to obtain the “it” gift and they search high and low for it online. When a gift is hot, scammers will advertise these gifts on rogue websites and social networks, even if they don’t have them. The result is that consumers end up paying for an item and giving away their credit card details, only to receive nothing in return. Once the scammers have their personal financial details, there is little recourse.
Tip: Be wary of those sellers you’ve never had purchasing experiences with, and only purchase items from reputable establishments.
By: Brenda Moretto