With the U.S. economy much improved, this year’s Christmas season is expected to be one of the best in years. And with the advance of digital technology, smartphones will be a key buying method for many consumers.
Put those elements together and you have an unfortunate scam on your hands – the use of phony text messages and WhatsApp messages to spread malware, ransomware, and general misery.
According to one study, one in every 25 apps supposedly issued by retailers especially for Black Friday is fraudulent. Researchers found that no fewer than 32,000 phony apps promising special “secret sales” carried malware that could steal your credit card information, lock up your device in a ransomware scam, or unleash a malware agent on a corporate server if your device connects to the company’s network.
According to Atlas VPN, cybercriminals now rake in over $1.5 trillion in total revenue every year. Meanwhile, 43 percent of shoppers who’ve had their identities stolen say it happened during the holiday season. In other words, cybercrime hits an all-time high during the holiday season, and you must know how to protect yourself.
Here are some of the most common scams that can trick even the smartest of us at this time of year and the cybersecurity holiday tips you need to get you through the season:
1. Beware of the Online Secret Shopper
The old “secret shopper” scam is back with a new online variation. As secret shoppers, victims are supplied with gift cards they can use to go shopping “on assignment,” evaluating a site’s customer service, delivery, and the like. As a reward, they get to keep the items they order and/or actually get paid for their work.
Of course, if there is such a thing as an “online secret shopper,” you can bet companies are not recruiting shoppers via random email or Twitter messages. To participate you have to hand over personal details, including bank account info, in order to allow for the transfer of your “salary.” Needless to say, once you’ve handed that information over, the scammers cut off communication and use your details to apply for loans or credit cards – or sell them to other scammers who do that.
Cybersecurity Holiday Tip #1
Unless you are employed by an organization that does this on a regular basis, or by the website in question, just ignore any secret shopper missives.
2. Think Twice About How You Purchase Big Name Gift Cards
Microsoft’s Bill Gates once gave away thousands of dollars to random email addresses, but in these tough economic times, scammers have downgraded to just a gift card, worth maybe $100. Times are tough enough, however, that even that paltry sum is enough to get the juices flowing among many victims as they click on the offered link in order to apply. Part of the genius of this scam is that the user may actually believe they have a gift card coming because they are such good customers of big names such as Amazon or Apple.
Once you click on a link, you’ll likely be taken to what appears to be an empty website – except it isn’t empty. The site will have already connected with your device long enough to dump a piece of malware on it that will eventually open up a communication channel with a remote command and control server. The hackers behind this site can then scan your device for useful information, credit card numbers, or other valuable data.
Cybersecurity Holiday Tip #2
Although it’s tempting to believe you are a “special” customer being rewarded for your loyalty, the chances of any of these companies offering a reward in this manner are minimal. If Amazon wants to give its customers a bonus, it has many other ways to do it.
3. Don’t Fall Victim to Fake Charities
After spending hundreds, if not thousands of dollars on gifts, meals, theater tickets, and the other appurtenances of the holiday season, it would take a particularly stone-hearted individual to resist giving to those in need, especially if the organization asking for the money rings a bell. Who, for example, wouldn’t want to help kids suffering from terminal cancer to visit Disney World or the Super Bowl? That’s what the Make-A-Wish Foundation does. But there are many other charities with very similar names yet different motives. Instead of Make-A-Wish, a phony charity email scam would feature an appeal for the Children’s National Wish Foundation, with a link for donors to click on. Once clicked, the link may distribute malware and/or collect personal or credit card information.
Cybersecurity Holiday Tip #3
It takes a tough bird to resist heart-wrenching pleas for help, so for donors who are motivated to pony up, the best move is to avoid clicking on a link altogether and move your surfing to the site of the charity in question. By typing the verified address into a browser’s address bar, you’ll know you’re getting to the right site.
4. “Classic” Phishing and Spear-Phishing Are Still Around
Black Friday and Cyber Monday online sales exceeded $10.8 billion last year, and eight e-commerce sites were responsible for nearly 60 percent of those sales. So the chances are pretty good that anyone who bought something online made purchases at Amazon, Wal-Mart, Target, Macy’s, and the others that topped e-commerce sales lists.
That concentration is good news for hackers running a spear-phishing campaign. All they have to do is flood email boxes with messages telling customers there is a problem with their order at one of these sites and that they need to log in and provide credit card data, shipping information, etc. If you didn’t shop at Macys.com, you probably wouldn’t click on a link or open an attachment in an email. But if you get one from Target.com, a site you did shop at, chances are much greater you will click — and submit your information, as requested.
Cybersecurity Holiday Tip #4
If there really is a problem with your purchase, the message should include some information about the order in question (order number, item purchased, amount paid, etc.) instead of “you must click on this link and submit information in order to resolve this.” If the message does not contain that personalized information, be assured it’s part of a spear-phishing scam. Send it to the trash, where it belongs.
5. Even Holiday Screensavers Pose a Threat
A relatively new – and very successful – scam is the holiday screensaver scam. Hackers have developed malware, delivered through mobile apps or computer screensavers, that can be used to steal data, take over a device, or recruit it into a botnet to send spam or attack other devices. Hiding the malicious code within images is known as image steganography, and it has become increasingly popular among hackers.
Again, blame it on the holiday spirit. Rife with good cheer, who could resist a cute screensaver that shows Norman Rockwell holiday-themed images? Like many of these scams, hackers here rely on email, providing links or attachments that for all the world look authentic but actually transmit malware to computers or devices.
Cybersecurity Holiday Tip #5
iPhone users, of course, can trust the fact that anything they download from the App Store has been vetted; not so for Android users, who should do an exhaustive online search for information about any app they install. Ditto for desktop computers. Bottom line: Don’t touch anything — an attachment, a screensaver sent by message or mail, an app, or a link — that hasn’t been vetted.
Enjoy Your Holiday Cybercrime-Free with Votiro
Most of these attacks originate in an email sent to a victim, putting not only the victim at risk but also their place of employment, since so many people access their personal accounts at work – which makes vigilance and proper defense all the more important. At Votiro, we know the importance of staying proactive in your approach to cybersecurity. When you implement our Secure File Gateway, you will have peace of mind knowing you’ll stay free of attack. Powered by our Positive Selection technology, our gateway makes sure that only the safest file elements make it through to your network – every single time.
All these scams are based on taking unfair advantage of victims who are trying to make the most of the holiday period. It’s unfair and unjust, but with a little extra caution, you can keep yourself — and your company — safe from attack.