With Black Friday, Cyber Monday, and the holiday shopping season soon to be in full swing, cybercriminals are working overtime to turn your search for a deal into a score for the bad guys. Below, is an outline of a few perennial holiday shopping scams. It could be helpful to familiarize yourself with the warning signs around these hoaxes and some tips for avoiding them. Hopefully, these tips might help make your holidays memorable for the right reasons, not the wrong ones.
Phishing Scams: Fake Shipping Notifications, Phony Offers, and More
Phishing scams using fake emails are easy to create, cheap to send, and usually bear tons of fruit in the form of payment card information, account login credentials, and other sensitive pieces of data. Even seemingly innocent messages — like electronic greeting cards — can have malicious software (aka, malware) concealed within them.
Social engineers know that email inboxes will be flooded with order confirmations, shipping notifications, and special offers during this time of the year. They pattern their malicious messages after legitimate emails, which makes it easier to trick recipients. And they are not shy about using big-name brands and logos — like Apple, PayPal, FedEx, and others — to make things look more realistic.
Top Avoidance Tactic: Verify, Verify, Verify
Before you interact with a message, give it a good look and make sure everything seems on the up and up — and remember that it’s always better to err on the side of caution. Logos, ‘from’ addresses, and signatures are not proof of legitimacy; you must look deeper for confirmation.
Here are some questions to ask yourself about unsolicited emails:
- Do I know where this message came from?
- Does this message look like others I’ve gotten in the past, or is something off?
- Is this message confusing or does it make sense?
- When I hover over the ‘from’ address and web links, do I see addresses that make sense or does something look suspicious?
- Is this message asking me for personal information (like login credentials, credit card numbers, etc.)?
If you’re even a little unsure, close out of the email. Instead of clicking a link or downloading a file, visit a website by keying the address into your browser, and log into your accounts via secure channels to confirm offers and notifications.
Social Media: A Few Reminders
Many of us post where we are and what we are doing on Social Media. Remember, there are numerous tools that allow hackers to track social medial posts. Two tips:
- Post your trip and vacation pictures when you get back from your trip…posting while you are on your trip is an open invitation for thieves to burglarize your home.
- Turn on multifactor authentication. If you are using just a username and password, then this is the easiest way for a hacker to gain access your account. A secondary authentication method, such as a text message verification will help reduce the chances that your account will get compromised.