The holidays are a time for cheer and joy, but unfortunately, they're also when cybercriminals take advantage of unsuspecting victims.
Here are three cyberthreats you need to watch out for this holiday season and what you can do to stay safe from them.
1. Phishing scams
To perform a phishing attack, cybercriminals send messages posing as a legitimate company or individual to trick their victims into providing personal information, such as credit card details or Social Security numbers. Cybercriminals usually send these messages via email, but some also use SMS and voice calls.
During the holidays, phishing scams typically revolve around the following themes:
Bogus online purchases
This scam involves messages — claiming to be from Amazon, PayPal, or other eCommerce organizations — that confirm the victims' online orders. To dispute or cancel the order, victims would have to click the link in the email. After clicking on that link, they will be instructed to enter their personal information to prove their identity. But in reality, threat actors can use such information to conduct identity theft or make fraudulent transactions.
Fake delivery updates
In this phishing scam, the victim receives a message purportedly from FedEx, UPS, or the United States Postal Service, notifying them of a delayed shipment or failed delivery attempt. This message usually has a link to a spoofed website that asks the victim to confirm their personal information in order to track their package's location.
Fraudulent travel promos
Posing as a travel agency, hotel, or resort, scammers send out messages with links to spoofed travel sites that offer enticing travel promos. To see these promos, victims are asked to input their personal information.
Whatever type of suspicious email you encounter, you can generally spot a phishing scam by looking for the following signs:
- Extra characters or misspellings in the sender's email address (e.g., @amazen.com instead of @amazon.com)
- Generic salutations (e.g., Dear Customer) instead of your name
- Poor grammar or spelling in the message
- Message creating a sense of urgency
- Contains a link that will lead you to a page that asks for your personal information
Moreover, don't click on the links or use any of the contact information in the phishing email. Instead, visit the official website or call the official number of the supposed sender.
2. Bogus retail websites
Since online sales skyrocket during the holidays, cybercriminals pounce on this opportunity by creating fake retail websites or spoofed versions of popular eCommerce sites to steal credit card details and personal information.
This is why you should limit your online shopping to reputable websites. You should also look out for these signs that indicate a website may be fake:
- Lack of SSL certificate – You can tell if a site is secure if it has "HTTPS" in the URL and there's a padlock icon next to it. This means the site is using encryption protocols to protect your personal information.
- Fake reviews – To verify a review, you can do a reverse image search of the reviewer's profile picture. If it shows up on other websites that have nothing to do with the product, then it's likely fake. You can also look for inconsistencies in the reviews, such as different usernames using the same profile picture.
- Short lifespan – You can check how long a website has been around by doing a Whois search. If the site was only created recently, it’s likely fake.
When in doubt, contact the official customer support of the supposed website to verify its legitimacy.
3. Fake charities
During the season of gift-giving, many businesses feel extra generous and want to donate to charities. Cybercriminals take advantage of this generosity by setting up fake charities to collect money from unsuspecting victims.
That's why you should always do prior research on the charity to ensure its legitimacy. Websites like Charity Navigator and GiveWell allow you to check if the organization is registered and trustworthy. Then, visit the charity's website to see how they plan on using the donations. If there's no information on where the money will go, it's probably a scam.
Finally, use a credit card instead of a debit card when donating online. This way, you can dispute fraudulent charges made to your account.
You can better protect yourself and your business from falling prey to these scams by partnering with Safebit . Our five-layer approach to IT security will surely keep your cyber defenses strong. Get in touch with us today.
