The holiday season is always a time for chaos, making it one of the most opportune times for scammers to get in on the action. However, with supply chain issues and intense pressure to make up for 2020, this year might just take the cake. With everyone making rash decisions, this is a veritable gold mine for scammers.
If you want to avoid giving gifts to cybercriminals this year, it might take some extra savvy attention. Check out our list below to learn about the most common scams to watch for and how to protect yourself.
Online Shopping Scams
Since most people love to shop online, these scams start with a fake website, app, or ad. The scammer might come up with a distinct name for the fake business, but more often, they piggyback on more trusted suppliers and companies (think: Amazoon.com or nordsstrom.com).
These scams offer too-good-to-be-true deals and then either deliver merchandise that is shoddy at best or never deliver anything at all. Scammers don’t always just take the money that you’ve given them either. They can easily commit identity theft with your information too.
Social Media Scams
Social media scams mimic other social media offers, such as free gift cards. For instance, a fake site might offer a $5 voucher for a product in exchange for taking a brief survey.
Since you’re not giving up your credit card information in this scam, it might seem like a legitimate offer on the face of it. However, the real scam is the information you part with in order to get the fake reward that can later be used for identity fraud or other types of cybercrime.
Missed Package and Delivery Scams
With so many packages being delivered, this scam takes advantage of millions of people checking the status of their deliveries.
A cybercriminal will create a message that looks like it comes from a legitimate carrier, like UPS. The notification will promise to update the buyer about where their package is and when it’s going to be delivered.
The link and tracking number it contains are fake though, designed to install malware on your device and/or steal information. Criminals may also use a phone call scam around this time of year, one that charges excessively high rates to wait on hold or requests additional money to deliver a missed package.
Charity Scams
Charity scams pose as legitimate causes to take advantage of people who want to give over the holiday season. They can take place either over the phone or online, and they’re designed to appeal to people’s generosity and their desire for a tax deduction. They can often be spotted by the immediacy of the request. Scammers make it seem as though it’s urgent you decide right now.
Fake Gift Exchanges
A fake gift exchange is one that asks you to purchase something for someone else (usually on social media) in exchange for even more gifts. While the cost of the initial purchase is rarely alarming (often around $10 or so), there are often far more nefarious intentions behind the scam. Not only will you typically not get any gifts in return, it’s also likely that your information will be stolen and used for identity theft purposes.
Ways to Protect Against Holiday Scams
Besides knowing the scams and watching for the signs, practicing good cyber hygiene can be a great way to keep yourself and your personal data out of harm’s way.
This means avoiding attachments and links from anyone you don’t know, regardless of whether it’s on a website or through an email. If a company you rarely deal with asks you specifically to update your information, call the number listed and make sure that it’s a legitimate request.
Warning signs of suspicious links:
- Shortened URLs: If the URL is only a few letters long or doesn’t actually spell out the name of anything you know, it could technically go to any website.
- Security alerts: A legitimate company won’t send you a security alert link in an unsolicited email.
- Email links: Don’t click on unsolicited email links that ask you to update your password information.
If an email isn’t specifically addressed to you, avoid clicking on any attachments. You should also avoid attachments with file extensions that are unknown (e.g., *.zip, *.exe, *.vbs, *.bin, *.com, *.pif, or *.zzx).
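The lookalike store names mentioned earlier (Amazoon.com, nordsstrom.com) and the link and attachment warning signs above can be checked mechanically, for example in a mail filter or a helpdesk triage script. The Python sketch below is an added example, not code from the original article; the trusted-brand and shortener lists, the function names and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
import os
from urllib.parse import urlsplit

# Assumed lists for this sketch: stores and carriers you really use, plus a
# few well-known link shorteners. Add close legitimate names (usps.com next
# to ups.com) to TRUSTED, or they will be reported as lookalikes.
TRUSTED = {"amazon.com", "nordstrom.com", "ups.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
# Attachment extensions named in the article.
RISKY_EXT = {".zip", ".exe", ".vbs", ".bin", ".com", ".pif", ".zzx"}


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url):
    """Return warning strings for one link; an empty list means no flags."""
    if "://" not in url:
        url = "http://" + url  # urlsplit needs a scheme to find the host
    host = urlsplit(url).hostname or ""  # hostname is already lower-cased
    if host.startswith("www."):
        host = host[4:]
    # Exact trusted domain or a real subdomain of one (track.ups.com).
    if host in TRUSTED or any(host.endswith("." + b) for b in TRUSTED):
        return []
    warnings = []
    if host in SHORTENERS:
        warnings.append("shortened URL hides the destination")
    for brand in sorted(TRUSTED):
        if host.startswith(brand + "."):
            warnings.append(f"{brand} used as a prefix of another site")
        elif edit_distance(host, brand) <= 2:
            warnings.append(f"lookalike of {brand}")
    return warnings


def risky_attachment(filename):
    """True when the final extension is one the article lists."""
    return os.path.splitext(filename.lower())[1] in RISKY_EXT
```

An empty result only means none of these three heuristics fired; it does not make a link safe.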
As with any criminal, what you’re really trying to practice is vigilance. If a request or promise seems fishy, it’s likely because it is fishy. If the details are vague, it’s because the whole premise is a lie. Yes, even the most vigilant users can get caught in the moment and click on something malicious. To further protect yourself and your organization’s data, consider investing in managed endpoint detection and response cybersecurity services to ensure threats are detected and mitigated quickly.