Dec. 17, 2012
Beware the 12 scams of Christmas
‘Tis the season for joy, thanks, friends, family, merriment, and fraud. In keeping with the holiday spirit, the Information Security and Privacy Office (ISPO) in the city's Information Technology Services department wants to share 12 of the most dangerous online holiday scams.*
- Social media scams - Be careful when liking Fan Pages, clicking on ads and deals that appear to be recommended by “friends,” or installing “holiday deal” apps that require your personal information to access. Additionally, beware of Twitter ads and special discounts utilizing short links, which could lead to a malicious, yet authentic-looking, website where criminals can hijack your personal information.
- Malicious Mobile Apps – Beware of downloading a malicious app designed to steal your information or even send out premium-rate text messages without your knowledge. Make sure you only download apps from official app stores and check out the app’s permission policies before downloading. Mobile security software can also help protect you against dangerous apps.
- Travel Scams - Many of us travel to visit family and friends over the holidays, and begin our journey online looking for deals on airfare, hotels, and rental cars. But before you book, keep in mind that the scammers are looking to hook you with too-good-to-be-true deals. Phony travel webpages with beautiful pictures and rock-bottom prices are used to get you to hand over your financial details.
- Holiday Spam/Phishing – We’ve all seen spam emails containing questionable offers, but this time of year they take on holiday themes – cheap watches and pharmaceuticals may be advertised as the “perfect gift” for that special someone. You can expect to see an increase is holiday-themed phishing emails that try to trick you into revealing financial or personal details by posing as an offer from a legitimate business.
- Hot Holiday Gift Spams – The kind of excitement surrounding the latest electronics is just what cybercrooks dream of when they plot their scams. They will mention must-have holiday gifts in dangerous links, phony contests and phishing emails as a way to grab computer users’ attention…and their personal information.
- Skype Message Scare - People around the world will use Skype to connect with loved ones this holiday season, but a new threat appears as a Skype instant message inviting you to click on a link to verify information. When the link is clicked, a virus downloads onto the hard drive, blasts the dangerous link to all of your contacts, and can even try to extort money from some PC users to regain access to their files.
- Bogus Gift Cards - Gift cards are probably the perfect choice for a lot of people on your holiday list, and given their popularity, cybercriminals can’t help but want to get in on the action by offering bogus gift cards online. Be wary of buying gift cards from third parties – it is best to buy from the official retailer.
- Holiday SMiShing- “SMiSishing” is phishing via text message. Just like with email phishing, the scammer tries to lure you into revealing information or performing an action you normally wouldn’t do by pretending to be a legitimate organization. Be wary of SMiShing messages that appear to come from your bank, asking you to verify information or visit a phony webpage.
- Phony E-tailers – Be careful when selecting online retail sites - phony ecommerce sites will try to lure you into typing in your credit card number and other personal details, often by promoting great deals. However, you never receive the merchandise, and your personal information is put at risk.
- Fake Charities - This is one of the biggest scams of every holiday season. As we open up our hearts and wallets, the bad guys hope to get in on the giving by sending spam emails advertising fake charities. They may try to fool you into thinking that they are a real charity, such as the Red Cross, with a stolen logo and copycat text, or the charity may be entirely invented.
- Dangerous E-cards - E-cards are a popular way to send a quick “thank you” or holiday greeting, and while most e-cards are safe, some are malicious and may contain spyware or viruses that download onto your computer once you click on the link to view the greeting. Make sure that the card comes from a well-known e-card site by checking the domain name of the included link, check to see that the sender is someone you actually know, and that there are no misspellings or other clues that the card is a fake.
- Phony Classifieds - Online classified sites may be a great place to look for holiday gifts and part-time jobs, but beware of phony offers that ask for too much personal information or ask you to wire funds via Western Union, since these are most likely scams. If you’re going to purchase an item or apply for a job, try to do it in person in a public place, and when purchasing an item, pay in cash and never agree to pay for an item before receiving it.
Learn more about these 12 scams and how to protect yourself and your family online at the Information Security and Privacy website.
If you have questions regarding the ISPO, send an email to email@example.com.
* As reported by McAfee Inc.