As a cybersecurity professional, I’m constantly on guard against online attacks and diligently protect my personal data. But for every professional like me who takes cybersecurity seriously, there are thousands of unsuspecting shoppers who lack the basic knowledge needed to protect themselves from some of the more common scams during the holiday season.
We can make a difference. This time of year is a perfect opportunity to educate our friends and relatives about the tricks and deceptions scammers use to steal credit card information and manipulate financial transactions. While these tricks aren’t new to those who live and breathe cybersecurity, at least some of your friends and relatives could benefit from a little Holiday Cybersecurity 101.
Here are some of the more notable scams you might think about sharing with your friends and family this holiday season:
- Practice Safe Online Shopping Behavior: Go directly to vendor sites and avoid links in e-mails to those sites. Ensure the site is verified as trustworthy. See if the vendor’s site uses “HTTPS” and look for the security “padlock” symbol next to it. Use credit cards, which typically limit personal liability, and avoid debit cards.
- Guard Against Phishing Attempts: Attackers take advantage of users’ benevolence during the season and send out fake e-mails soliciting donations to legitimate charitable organizations. These e-mails may contain links to fake websites that seek to take money or steal credit card information. Watch out for spam from friends containing links and attachments, and e-mails from financial institutions asking for account information.
- Practice Caution with Holiday E-Cards: Criminals will send holiday-themed e-cards to unsuspecting recipients. Criminals hope the recipient will then download an attachment to access the card. The attachment is typically malware that deploys onto the recipient’s computer.
- Scrutinize Social Networking Requests: Criminals will send fake friend requests to entice recipients into re-connecting with old friends. Many of these come from spoofed social networking sites that include malware-embedded links.
- Watch for Fake Invoice/Delivery Notifications: Criminals know consumers are buying from e-retailers. Many of these goods are being shipped via well-known express carriers, such as FedEx and UPS. Criminals will leverage these known services to create fake e-mails and/or delivery notifications asking you to click hostile links or provide financial information to “credit” your account.
- Be Suspicious of Classified Ads: In an attempt to lure potential victims, criminals will post classified ads for products they don’t have or won’t send. The scammer/seller collects the buyer’s financial information but has no intention of sending the product. Remember that there are reasons why deals seem “too good to be true.”