By Shira Landau, Editor-in-Chief, CyberTalk.org
Holiday cheer is in the air! Many of us are eager to gather, express gratitude, and give gifts. Unfortunately, the festive season is also when scams start to skyrocket, souring the spirit of celebration.
Even if you’re a cyber scam prevention pro, take the opportunity to raise awareness about scams among your colleagues, friends and loved ones.
Scammers target people in the following ways. We’re here to help you and yours avoid a heartbreaking holiday season.
10 common holiday scams and how to avoid them
1. Deceptive social media advertisements. These direct users to fraudulent online stores that pinch credit card information and personal details. Falling prey to such schemes can result in monetary losses and identity theft.
How to avoid: To safeguard against scams involving social media ads and fake online shops, conduct research on a given store (look for customer reviews, ratings and testimonials from reputable sources), be skeptical of deals that seem too good to be true, install security software to protect devices, and monitor financial statements for any unauthorized transactions, reporting suspicious transactions immediately.
2. Deceptive delivery notification texts can easily fool people who aren’t paying enough attention. These fraudulent messages falsely say that there will be a delay in shipping a product that you ordered, or they demand a payment fee under the pretext that it’s required for a package’s delivery.
How to avoid: To skip out on scams involving fake delivery notifications, verify the message source (confirm the legitimacy of the text message sender). Rather than clicking on links embedded in a notification, visit the official website of the delivery service; input the tracking number to access accurate and up-to-date information. Further, you can always contact a delivery company directly, using their official contact details, to verify the status of your package.
3. Scammers have been known to create phony charities in order to profit or to steal personal information. Some of these fake charities have been observed on GoFundMe.
How to avoid: To steer clear of these types of scams, check on the legitimacy of the charity by investigating the charity’s website. For crowdfunding campaigns, confirm the authenticity of the cause and the organizer – look for details such as the purpose of the campaign, how the funds will be used, and see if you can get a sense of the organizer’s credibility.
4. Fraudulent offers on airline tickets or scarce items. Numerous scams focus on the holiday surge in travel-related purchases or exploit the demand for sought-after products, enticing people to accidentally buy counterfeit tickets or merchandise.
How to avoid: Don’t fall victim to bogus deals. Ahead of making a purchase, research the seller and/or the website, exercise caution if the deal seems too good to be true (unrealistic prices, especially for tough-to-find items, can indicate a scam), ensure that the website has a secure connection (HTTPS, not HTTP), carefully read the terms and conditions of the deal, and trust your instincts.
5. Watch out for phishing emails that mimic emails from reputable brands. Scammers sometimes try to pose as representatives of familiar companies (Amazon, Walmart…etc.,). These deceptive emails employ social engineering tactics in an effort to illicitly obtain passwords, personal data and financial information.
How to avoid: Precautions such as reviewing sender information, remaining skeptical of unsolicited communications, and the avoidance of suspicious links can help. Verify giveaways or promotions by visiting an official company website. Install and regularly update reputable security software to enhance protection against phishing attempts.
6. While job scams are a growing concern year-round, they tend to target individuals who wish to make extra income around the holidays. Fake job postings may promise substantial earnings for minimal effort. The scammers typically aim to pilfer personal information under the guise of a hiring process. Or, they try to deceive people into sending them money for ‘supplies and training’.
How to avoid: To steer clear of job scams, people should exercise caution if there appears to be an unrealistic compensation structure. Also, individuals should be sure to confirm the legitimacy of the organization by checking its official details. Legitimate companies provide transparent and easily verifiable information online.
Further, a generic email address may indicate a job scam, as honest employers maintain a professional online presence. If a job requires payment for supplies or training, it’s best to avoid it. Don’t proceed with any job opportunity that raises doubts or concerns.
7. ‘Grandparent scams’ predominately prey on senior citizens, and involve impersonation of a distressed grandchild. The ‘grandchild’ typically requests money. In 2022, nearly 400 senior citizens fell victim to grandparent scams, leading to over $4 million in losses.
How to avoid: People with senior relatives can warn them about this scam. Seniors should question urgent requests for financial assistance, especially if they involve wire transfers or gift cards. If in doubt, those on the receiving end of suspicious messages are encouraged to directly contact other family members, using known and trusted phone numbers, to account for the seeming situation.
8. Hacking over public Wi-Fi is a persistent problem. While airports, hotels, cafes and other frequented locations may offer free public Wi-Fi, these networks are known for being easily hackable. Scammers leverage a method known as man-in-the-middle (MiTM) to intercept data.
How to avoid: Keep your credit card numbers, passwords and personal details private by avoiding the temptation to shop online while out-and-about. Shop from safe and secured networks only. If you’re concerned about your home network security, consider a VPN, which can encrypt your internet connection and protect data from interception.
If conducting a transaction while out, you may want to use your cellular data network for the transaction, rather than public Wi-Fi. Cellular connections are considered more secure.
9. Mobile entertainment risks. If you have a seven-hour flight head of you, with a two-hour layover, a mobile game can make the time pass quickly. However, take care in choosing a mobile game – some may compromise device security.
How to avoid: Before downloading any app, conduct a quick online search to gather information about it. Meticulously review the permissions that it requests. Note that a legitimate game should not require permissions to send text messages or to share information with third-parties.
10. Business email compromise (BEC) scams. Fraudsters have found success in impersonating company executives though email and text messages. These scams resulted in losses of over billions of dollars annually. They exploit urgency and authority, attempting to persuade individuals to pay invoices for events like holiday parties or to respond to phony billing requests.
How to avoid: If you think that you might have encountered a BEC scam, check for red flags, look at the sender’s email address again, and confirm requests with executives (via separate and verified communication channels).
Further, keep software, operating systems and security systems up-to-date. Report suspected BEC scams to your IT department or other relevant persons. Efficient reporting can help prevent similar scams from affecting others.
For more scam prevention insights, please see:
Lastly, to receive timely cyber security insights and cutting-edge analyses, please sign up for the cybertalk.org newsletter.