Beware of Holiday Scams!

With the Holidays Upon us, Criminals are at it Again

As the holiday season approaches, we find that things get even busier and of course, that means we see more and more scams. The holiday shopping season is routinely a time of increased cybercrime, as people scramble to attempt to get gifts for friends and family. Which is why this year, and every year, people will need to maintain a heightened security awareness.

The National Retail Federation expects to see a sizeable increase in shopping revenue this year, estimates this year are close to $950 Billion. Of that increase, approximately $260 Billion will be driven by online sales alone, which is another increase over last year. Even with most of the country back open, the convenience of online sales reigns supreme.

However, it’s not just retail scams that are on the rise.  Criminals are also utilizing other tactics to steal from unsuspecting victims.  This year alone we have seen a 70% increase in cybercrime. Below we will look at a few of the more prevalent scams these criminals utilize.

Scam websites

Black Friday scam sites are bogus sites offering high-end retail items with huge discounts. Many times, these are simply knock-off items, and you end up wasting your money. However, these sites can also lure unsuspecting victims to a malicious website that not only steals your money but also your credit card and personally identifiable information, to be used at later dates for even more profit.

These scam sites come in the form of either links on social media outlets or phishing emails disguised as the well-known, trusted brands in question, knowing that people are looking for good deals and the ability to score highly sought-after gifts.  Many times, these websites will either look like the actual company website or pretend to be a retailer offering fantastic discounts.

Another tactic is to utilize URL shortening. On social media, cyber thieves use “URL shortening” services to disguise phishing URLs. As a result, a short URL can be used to redirect visitors to a longer “hidden” URL. On Twitter the process looks like this:

The process for this is similar in Facebook as well. Like their phishing email counterpart, these scam sites offer absurd discounts or access to highly sought-after gifts like the PS5 or Occulus VR system.

Secret Santa- SHHHHHH!!!

Another tactic criminals are taking is a holiday-themed take on the amazon gift card scam. These spear-phishing attacks pretend to be a colleague (or the CEO) who needs you, the victim, to purchase the amazon gift cards for them. The excuse is that they are pressed for time and their gift recipient is hovering, so the sender cannot purchase the gift card themselves. If only you, the victim, could help!

We understand the desire by all of us to help a friend or colleague, but as always, we urge caution when asked to purchase anything online. Remember, a 30-second phone call can save you hours of headaches later.

Your Package is on its WAY!!!!

Christmas Story, Home Alone, Die Hard, and fake shipping emails. Sometimes a classic is just a classic. The same goes for this scam email that we see about every year. By pretending to be Amazon, a shipping company, or even reputable stores, criminals will inform their victims that a package is on its way, and to click on the provided link to review the order or track the package. Because of how often people purchase things online and share logins, victims will click on the link without a second thought. These links will either go to a phony website or download a malicious file to the victim’s computer.

In these instances, there are a few tricks on how to avoid being made a victim. First, look at the sending email domain. While the subject may say Amazon or FedEx, the malicious email domain will be something different. Second, go to the actual company website and confirm whether there is an order being sent, and if that does not work ask the family if they know.


Digital Holiday Cards

Much like the above email scam, criminals are using the digital age and holiday traditions of greeting cards. These scams are straightforward, you receive an email with a link to view the greeting card created by the sender. Sadly, the link is just a ploy and now you have allowed the criminals access to your system. Talk about BA- HUM BUG.

So, what can you do here? As always check the email and who the card is supposed to be coming from and who the card was sent from. We are pretty sure grandma has enough trouble utilizing Facebook, so there’s a pretty good chance that she is NOT sending out digital Christmas cards this year. Then, give the supposed sender a ring to verify that they sent the card.


Free Wi-Fi is never FREE

While not necessarily a scam, it is always something worth mentioning. Whenever possible DO NOT USE free Wi-Fi. This is especially true when online shopping. While hackers and criminals are always looking for ways to gain access to your computer simply to steal data, using Free Wi-Fi and actively entering credit card information or PII (Personally Identifiable Information) makes their task far too easy.

So, while it might seem like a good idea to multitask and do some quick shopping on amazon while waiting on your peppermint latte in Starbucks, please save your shopping for when you get to a secure network.

How Can Summit help

As it goes, throughout the year the best line of defense is due diligence and heightened wariness, especially with links and phishing emails and this time of year is no different, be hesitant to click on any links until you can verify their authenticity and if an email seems suspicious, then give the sender a call. For businesses, implementing and utilizing a Security Awareness Training Service will help you learn more tools and tips, to help outsmart the cyber crooks.

The Summit Security Awareness Service goes beyond training to make security awareness an embedded habit. If you would like to learn more about establishing Security Awareness Training for you and your employees give us a call today – and of course, have a happy and safe holiday season!





On Key

Related Posts

Takeaways from the CMMC Rule Publication

The Department of Defense’s CMMC program has taken a giant step ahead with the publication of the CMMC Proposed Rule on December 26th in the Federal Register . This begins