Black Friday and Cyber Monday are over and holiday gifts are arriving. But cybercrime season is just beginning.
Here are 6 tips to follow to avoid holiday scams and prevent cyber criminals from spoiling your holidays.
- Keep software updated.Whether on a laptop or smartphone, keep your operating system, apps, and security software updated. Do this before you do your holiday shopping; it's your best protection against malware and phishing. If you aren't sure what needs to be done, at work, look to your security awareness training program or organization's security policies for information. At home, the FTC Protect Your Personal Information and Data is a good place to start.
- For last-minute shoppers,always go to reputable sites for purchases. Carefully look at URLs before you click. Cyber criminals put up "deal" web sites for unsuspecting shoppers. When visited, shoppers get an extra "gift" of drive-by malware, or stolen information when they input their data. And if the price looks too good to be true, well, it probably is, and you are paying with your identity or malware.
- Be extra vigilant for phishing attacks during the holidays. Phishing attacks are more sophisticated than ever, and phishers are ramping up attacks more than ever during this holiday season. A few common phishing attacks you'll see during the 2021 Holiday Season are:
- Brand impersonation.Phishers craft emails to look exactly like they are coming from a trusted brand.
- Fake order receipts. Phishers send a receipt to you for something you didn't buy. They are counting on you clicking on the link to notify the store, or open the attached "bill".
- Fake shipping and delivery notices. Buried with all your legitimate shipping and delivery email notices are ones crafted to look like just like the legitimate ones, but if you click, you're phished. Phishers are also inundating mobile phone users with smishing attacks, or SMS phishing attacks, where they send fake shipping and delivery notices. This method is extremely effective because 82% of people open every text message.
- Compromised account. An email warns you that your email account or security software is compromised. Be on alert for web page notices or pop-up messages alerting you to security problems.
- Practice social media restraint. Social media is rampant with scams year-round, but especially during the holidays. Two common holiday scans to avoid. 1) Fake social media ads which mimic legitimate ads but take you to fraudulent copycat sites. 2) In social media gift exchanges(e.g., "Secret Santa", "Secret Sister", "Secret Santa Dog", and wine exchanges), you sign up and buy a gift for an unknown stranger in the hopes you will receive multiple gifts in return. These gift exchanges are not only are designed to steal your money and information; they are also illegal. Finally, protect your own information during the holidays. Don't post your vacation plans online, where thieves can't find them, and use them to plan burglaries.
- Charitable scams. As we approach 2022, charities are launching their year-end drives, asking for donations. Scammers know this and are launching coordinated scams at the same time. One of the best ways to protect yourself is never to donate in response to a phone or email solicitation, instead go to your favorite charity's website directly. The FTC offers some insightful tips on the tricks that scammers use including: using fake caller id's with local area codes, using names that sound like real charities, and promising to enter you into a sweepstake.
Several sites provide services where you can look up charities to determine they are legitimate, but see how your donation will be used: Charity Navigator, Charity Watch, and Give.org from the Better Business Bureau.
- Look for fraud in your bank account, credit and debit cards, and payment apps (e.g., PayPal, Venmo, CashApp, Zelle, Google Pay and Facebook Messenger). With increased spending during the holidays, it's especially important that you carefully look at your purchases and balances in December and January, but it's a good idea to do this on an ongoing basis throughout the year. Immediately report any fraud to your financial institution, your credit card company, credit bureaus, the FTC, and law enforcement.
The entire Security Mentor team wish you a happy, healthy & cybersafe holiday season and prosperous new year.