With office parties, present buying and general merriment – ’tis the season to be jolly. However, with all the pressures and distractions of Christmas, it’s the time of year that cyber criminals like to strike. It’s also the time when we get bombarded by announcements of minor product revisions, solely aimed at trying grab the attention of Christmas shoppers. However, while trawling through our inbox, I found an interesting press release from the folks at McAfee regarding the “12 scams of Christmas”.
Their aim is to educate the public on the most common online scams used during the festive season and, of course, to remind us that they produce software to combat this sort of thing. Last year McAfee saw mobile threats for Android go over the 900,000 mark in the lead up to Christmas, before dropping by 50% in the first few months of the year. The company believes this trend will continue this Christmas, with the amount of mobile-specific threats likely to peak to even higher numbers. In addition, the first week of December sees cyber criminals open ‘the spam floodgates’ luring online shoppers with promises of amazing deals, false delivery notifications, personalised season’s greetings cards, credit card offers and more.
So, without further ado, behold the “12 Scams of Christmas”:
- Not-So-Merry Mobile Apps: Official-looking software for Christmas shopping, including those that feature celebrity or company endorsements, could be malicious, designed to steal or send out your personal data.
- Holiday Mobile SMS Scams: A widespread piece of malicious code known as FakeInstaller, tricks Android users into thinking it is a legitimate installer for an application and then quickly takes advantage of the unrestricted access to smartphones, sending SMS messages to premium rate numbers without the user’s consent.
- Hot Holiday Gift Scams: Ads that offer deals on must-have items that might be too good to be true. Clever crooks will post dangerous links and phony contests on social media sites to entice viewers to reveal personal information or download malware onto their devices.
- Seasonal Travel Scams: Phony travel deal links and notifications are common, as are hackers waiting to steal your identity upon arrival. Around 1,000 holiday scams took place in Britain last year, costing holidaymakers more than £1.5million, according to the National Fraud Intelligence Bureau (NFIB).
- Dangerous E-Cards: Legitimate-looking e-cards wishing friends “Season’s Greetings” can cause unsuspecting users to download “Merry Malware” such as a Trojan or other virus after clicking a link or opening an attachment. (Ed: Our tip is to only open cards from people you know).
- Deceptive Online Games: Before your kids are glued to their newly downloaded games, be wary of the games’ sources. Many sites offering full-version downloads of Grand Theft Auto, for example, are often fake and laden with malware, and integrated social media pages can expose gamers, too.
- Shipping Notifications Shams: Phony shipping notifications can appear to be from a mailing service alerting you to an update on your shipment, when in reality, they are scams carrying malware and other harmful software designed to infect your computer or device. With an estimated 20,000 click-and-collect points across the UK this Christmas and increasingly flexible delivery options, consumers should be on guard against cyber crooks capitalising on delivery notification.
- Bogus Gift Cards: An easy go-to gift for the holidays, gift cards can be promoted via deceptive ads, especially on Facebook, Twitter, or other social sites, that claim to offer exclusive deals on gift cards or packages of cards and can lead consumers to purchase phony ones online.
- Holiday SMiShing: During the holidays, SMiShing is commonly seen in gift card messages, where scammers pose as banks or credit card companies asking you to confirm information for “security purposes”.
- Fake Charities: Donating to charities is common this time of year for many looking to help the less fortunate. However, cyber criminals capitalise on this generosity, especially during natural disaster events, and set up fake charity sites and pocket the donations.
- Romance Scams: It can be difficult to know exactly who the person is behind the screen. Many messages sent from an online friend can include phishing scams, where the person accesses your personal information such as usernames, passwords, and credit card details.
- Phony E-Tailers: The convenience of online shopping does not go unnoticed by cyber scrooges. With so many people planning to shop online, scammers set up phony e-commerce sites to steal your money and personal data.
McAfee have also issued some general guidance for a scam-free festive season. First up is to ensure you review mobile apps carefully before downloading. Be aware, if an offer seems too good to be true, it probably is. Purchase directly from the official retailer rather than from third parties online. Ensure that you’re doing your research before sharing personal details with an organisation you’re not familiar with. Banking and credit card companies should never ask you for personal information via text message.
If you’re lucky enough to go away this Christmas then, before travelling, make sure that all of your software is up-to-date and run a virus scan. If you’re asked for a username and password after clicking a link, try using a fake input on the first login attempt. The extra few seconds it takes to load confirms that the page is actually looking for valid username/password combinations; scam sites will let you right in.
Image courtesy of felixsanch