Guide to Christmas Scams
Date: Nov 13, 2015
As the new holiday cyber crime season rolls in, it’s a good idea to look at the scams of last year, which will be recycled with a few small updates. Plus it is always important for IT departments to give employees a refresher course on what to look out for.
Here are a few scams to keep an eye out for this holiday season:
Watch out for the too-good-to-be-true coupons that offer free phones or tablets on sites all over the Internet. Don’t fall for them. Make sure the offers are from a legitimate company.
Be vigilant for alerts via email or text claiming that you have just received a package, from DHL or Parcelforce for example, which then ask you for some personal information. Don’t enter anything. Think Before You Click!
There are often fake refund scams going round that could seem to come from Amazon, a hotel or a retail chain. They claim there was a “wrong transaction” and want you to “click for refund”, but instead your device will be infected with malware.
Malicious E-card Greetings
Happy Christmas! Your email has an attachment that looks like an e-greeting card, pretty pictures and all. You think that this must be from a friend. No. Malicious e-cards are sent by the millions, and especially to work email addresses – never open these as they might infect your workstation.
Fake Gift Card
Cyber criminals promote fake gift cards through social media but what they’re really after is your information to be used for identity theft. A typical example could be to award a free £200 gift card to the first 1000 people to sign up on a (fake) John Lewis Facebook page.
Cyber criminals build complete copies of well-known websites, send emails promoting great deals, sell products and take credit card information, but never deliver the goods. These sites are only live for a few days and the money usually goes abroad. Your credit card company will refund the purchase, but apart from not getting your gift(s), your card number is now compromised and will be sold and used by other cyber criminals. A recent variation of this example has been the Dartford Tunnel payment website, where you think you are paying the toll but it is to a copied website – see: http://www.theguardian.com/money/2014/dec/20/dartford-crossing-toll-invitation-scammers
The holidays are traditionally the time for giving. It’s also the time that cyber criminals try to pry money out of people who mean well. Watch out for any communications from charities that ask for your contribution (phone, email, text, and tweets) and make sure they are legitimate. It’s a good idea to contact the charity to make sure the request did in fact come from them.
Direct Message Scam
You tweet about a holiday gift you are trying to find, and you get a direct message (DM) from another Twitter user offering to sell you one. Stop – Look – Think, because this could very well be a sophisticated scam. If you do not know that person, be very careful before you continue and never pay up front.
Extra Holiday Money Fraud
People always need some extra money during this time, so cyber criminals offer work-from-home scams. The most innocent of these make you fill out a form where you give out confidential information like your National Insurance number, which will get your identity stolen. The worst of them offer you work where you launder money from a cyberheist.
Search Term Trap
Cyber criminals do their research and find out what people want. They then build a site that claims to have the desired item. They push that site high onto the search engines and you might click on that link. But the site contains malware and will infect your PC. Make sure that your web browser is always fully updated and will warn you if it sees that the site is unsafe.
Evil Wi-Fi Twin
You may bring your laptop/tablet/smartphone to the shopping centre to search for gifts and check if you can get them cheaper somewhere online. But the cyber criminals are there too, shopping for your credit card number. They put out a Wi-Fi signal that looks just like a free one you always use. Choose the wrong Wi-Fi and the hacker now sits in the middle and steals your credit card data while you buy online.
And one we expect to see: free Star Wars movie tickets
Look out for phishing attacks that try to trick you with the promise of winning movie tickets for the new Star Wars movie. For the next two months this is going to be a highly successful social engineering attack that a lot of IT users are going to fall for.
Today, it is more important than ever to take your employees through effective user education.
Our managed Security Awareness Training and Testing service provides high-quality, web-based interactive security awareness training combined with frequent simulated phishing attacks, case studies, live demonstration videos and short tests. The service aims to make sure all employees understand the mechanisms of spam, phishing, spear phishing, website security, pop-ups, adverts, malware, ransomware, social engineering and physical security.