A newsletter just released from the Social Engineer website (http://www.social-engineer-org) has some good advice on how to protect yourself from cybercrime during the holiday season. This was written by Christopher Hadnagy.
Cybercrime, scams and malicious social engineering is always a threat, but when a large company did a survey on how shoppers shop during the holiday, 70% stated they would spend considerable time on the Internet researching purchases before the holidays. With the increase time and purchases on the Internet, there will inherently be an increase in the scams and crimes committed online.
I thought it would be a good idea to talk about the ten holiday scams you will want to watch out for during this holiday season and how you can protect against them.
1. Fake Gift Card Scams: Malicious scammers and shady websites often offer what appear to be legitimate gift cards. An example of one that was recently used on Facebook (fig 01) drove people to a site that required them to enter all sorts of personal details. This information is often sold to marketers or even worse, used by identity thieves to steal your identities as well as financial information.
2. Suspicious Holiday Rentals: Many holiday travelers wait to the last minute to book hotels, cabins or little get-a-ways. Many criminals will use this lack of planning to steal money. They will post fake rental ads that seem very tempting and then ask for either cash or wire transfers as down payments. Of course, the money is lost and the travelers are gravely disappointed.
3. Recession Scams: With many people suffering from the poor economy and now being put under pressure to still buy gifts for the holidays, there are many scams that offer low interest or interest free loans. Others target people through email to offer prequalified credit cards or other methods of obtaining money to spend during the holidays. The problem is, there is no money; only loss. Many of these offers should be researched heavily to ensure that they are not scams, but real offers.
4. To-Good-To-Be-True Scam: While many feel the pressure to provide good gifts, scammers will use auction sites as well as fake websites to make offers that are way too good to be true. The victims pay and receive nothing in return. Of course, a shopper should not fall for the “price is too good to be true scams” and only buy from reputable websites and auction houses as well as purchasing from high ranking sellers on those sites.
5. A time for giving: Holidays are times when people are in a very giving spirit. From guys ringing the bells as you enter Walmart to phone calls, many people are interested in helping those in need. This is an avenue that many scammers will use. Fake websites, spam email and solicitation phone calls are all used to get information from victims that can be talked into giving out personal information and even worse, financial information. Be sure that the charity you are about to donate to is legitimate and the person you are speaking to is the real deal. For example, if you get a call from a local children’s fund, you can tell them you are not able to talk right now. Then you can get the number to their local office, call them and make your donation that way. This will ensure you are donating to the right cause.
6. “I’ve been robbed” scams.: This is a more malicious and evil scam that has been on the rise lately. Scammers do a little bit of research and find out the name of an elderly couple’s son or daughter then grab an email with that name, i.e. ChrisHadnagy1234@yahoo.com., Then they send their “parents” an email stating they have been a victim of a robbery and need to be bailed out. The unsuspecting parents wire some money and are victims of this terrible scam. I know we are a very digital society, but I guess to me, it is amazing this one is on the rise. Pick up the phone!! Confirm your kid is in trouble before you go sending your life savings.
7. Dangerous Wifi Scams: Many people take time off of work and travel a lot for the holidays. While traveling, you may want to connect to the Internet to check email, send a message, etc. Many scammers will increase the proliferation of fake and malicious Wifi spots. Using free tools like Metasploit and Karma, attackers can give you a working Internet connection and when you connect, it will harvest your information, credentials and maybe even your financial information.
8. Dangerous Downloads: Closely linked with many of the others is the increase in holiday screensavers or cute little animations that are anything but fun and cute. Instead. they are viruses, trojans or other malicious pieces of software. Of course, the protection for this one is easy… don’t download and execute programs from any untrusted source.
9. Increases in phishing and now smishing scams: Yep, you read right,now the new phrase smishing, where scammers are using SMS messages to draw people to give funds or information to malicious sources. Spam and email are used heavily by scammers; 79% of all email in the US is spam, but the nation is only Number 7 in the spam league. Britain comes in top with 94%, then China (90%), Hong Kong (89%), Australia (88%), Japan (86%), and Germany (83%). The Netherlands is 8th (78%) followed by Canada (77%).
10. The infamous free iPad: It is no doubt the iPad has taken the world by storm and who wouldn’t want a free iPad? Well that is just what many banners and sites are offering. This particular scam became so prevalent thatFacebook banned free iPad offers. There is no such thing as a “free iPad”. Even legitimate offers require the person to complete some other offers to get their “gift”.
Thieves and scammers want to go where there is a larger chance for success. The holidays afford them many opportunities to succeed. With a little bit of forethought and some planning, you can remain safe during this time of the year as well as all year long. As a side note, you can do a few other things to remain safe.
- Try to use credit cards instead of bank cards. Credit cards will offer you more protection from theft and scams and keep your hard earned money safer.
- Keep a regular eye on bank statements. Don’t let small charges you might think you “forgot” slide. Check into them and make sure that you are not a victim.
- If you get a call from a “company”, do not give them any information until you can call them back on a publicly listed number.
- Watch what you put in the dumpster. Credit card statements and un-shredded bills or receipts can be a great source of information for criminals.
- Be careful what you say over cell phones in public. I have literally seen people paying for gifts with credit cards in public places.. scary.
Again, with a little work and some forethought, remaining safe can be an easier task. Stay safe keep observant. Till next month.