This year has been a whirlwind of scammers, thieves, and all-around grinches. Those of us who work in cybersecurity are constantly on guard to protect our personal data. We’re suspicious of links and always on alert against online attacks. Even some of my industry peers have been enticed by amazing holiday deal emails and ads. These criminals use a collective thirst for a bargain to steal credit card information and manipulate financial transactions.
Don’t make a cyber attacker’s holiday dreams come true! We can make a difference. Here are seven things you can do to ensure you, your friends, and family are safe and scam-savvy this season:
- Take Care with Holiday E-Cards: Many friends and family are opting to send digital cards instead of printed ones. Criminals, too, will welcome the holiday season with themed e-cards sent to unsuspecting recipients. If you click on and download an attachment to access their card, you may be gifted malware. Make sure you know the sender and are expecting a digital greeting.
RED FLAG: If you don’t recognize the sender’s email address, or if the sender’s address is a misspelled version of a friend’s or family member’s name, it’s a scam.
- Be Careful with Gift Cards: Buy them from reputable companies and keep those transaction receipts. Hackers use a bot called GiftGhostBot to run through a store’s online gift card balance check system looking for a match, meaning a valid gift card number with an activated balance. Once the bot finds a match, hackers use the gift card themselves or sell it on the “dark web.” And it should go without saying that if someone calls and says they’re from the IRS or a collection company and asks you to buy and send gift cards to pay an overdue bill, it’s a scam. No government agency or reputable business will accept gift cards as payment.
RED FLAG: If you notice the balance of your gift card is gone, then contact the gift card issuer immediately.
- Scrutinize Social Requests: If you don’t know the person, don’t accept the request. Often, cyber adversaries will send fake friend requests to entice recipients into re-connecting with old friends. Many of these come from spoofed social networking sites that include malware-embedded links. If you don’t personally know someone, don’t click to connect.
RED FLAG: If you get a friend request from someone who is already a connection, chances are it’s a hacker. Check with your existing friend to see if they created a new account before accepting the request. If it’s a new contact from an old friend, exercise care.
- Safe Online Shopping: Cyber adversaries love a good deal, just like tired, desperate shoppers looking for the best deal ever! Rather than click on links retailers send to you, read the email, then go directly to vendor sites. Do not use e-mail links to get to your favorite sites. Take it one step further and look to make sure the site is verified as trustworthy. Does the vendor’s site use “HTTPS”? Look also for the security “padlock” symbol next to it. Finally, make sure to use credit cards, which typically limit personal liability, and avoid debit cards.
RED FLAG: Sites that sell through social media ads aren’t always reputable, especially during the holiday season. Before you click on a link to that great product in your feed, be sure to verify the seller and make sure they’re a legitimate business.
- Beware of Fake Invoice/Delivery Notifications: I’ve had several notifications already this year of packages shipped. Funny thing is, I wasn’t expecting any packages … and, naturally, nothing arrived. Criminals know very well that we are buying from e-retailers. And often, these goods are being shipped via well-known express carriers, such as FedEx and UPS. Criminals will create fake e-mails and/or delivery notifications asking you to click hostile links or provide financial information to “credit” your account.
RED FLAG: If you get an out-of-the-blue text message saying that you need to click a link to confirm payment before they can deliver an item, it’s a scam. Don’t do it! Again, go to the online retailer’s website directly and see if they are missing any information.
- Protect Against Phishing: Whether your giving nature kicks in or you’re looking for another tax write-off, cyber adversaries love to take advantage of users’ benevolence during the season. This could be in the form of fake emails soliciting donations to your favorite charities. Or it could be spam from friends containing links and attachments, or even emails from financial institutions asking for account information. These e-mails often contain links to fake websites that seek to take money or steal credit card information.
RED FLAG: If you get an email that seems threatening or alarming, and is demanding you to click a link or provide personal information immediately to avoid repercussions, it’s probably a phishing attempt.
- Be Wary of Classified Ads: Remember, if it seems too good to be true, chances are … it is. Just read the reviews in a famous company’s “marketplace.” Many report paying and not receiving their goods and services. In the attempt to lure potential victims, criminals will post classified ads for products, but the scammer/seller has no intention of sending the product. They just want your financial data for skimming. Similarly, don’t buy second-hand gift cards. Some will sell you the card that you just verified the balance on, and then use the funds on the card as you drive away.
RED FLAG: If you’re purchasing from a local marketplace or swap group and the seller insists on an online payment before you meet up to take delivery, it’s a scam. They’ll gladly take your money and leave you hanging.
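The e-card red flag above (a sender address that is a misspelled version of a friend’s or family member’s) can be checked mechanically by comparing the sender against addresses you already know. The Python below is an added example, not part of the original article; the contact list, the sample addresses and the two-edit threshold are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample address book (lowercase); replace with your own contacts.
KNOWN_CONTACTS = {"maria.lopez@example.com", "dave.chen@example.org"}


def edit_distance(a, b):
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header, contacts=KNOWN_CONTACTS, max_distance=2):
    """Classify a From: header as 'known', 'lookalike' or 'unknown'.

    Returns (verdict, closest_contact_or_None). The threshold of two
    edits is an assumption chosen for this example, not a standard.
    """
    _, addr = parseaddr(from_header)
    addr = addr.lower()
    if "@" not in addr:
        return ("unknown", None)
    if addr in contacts:
        return ("known", addr)
    # Not an exact match: find the nearest known address.
    best = min(contacts, key=lambda c: edit_distance(addr, c), default=None)
    if best is not None and edit_distance(addr, best) <= max_distance:
        return ("lookalike", best)   # near-miss of a real contact: red flag
    return ("unknown", None)


if __name__ == "__main__":
    for header in ("Maria Lopez <maria.lopez@example.com>",
                   "Maria Lopez <maria.1opez@example.com>",
                   "Dave <dave.chen@exarnple.org>",
                   "Holiday Cards <cards@greetings.example.net>"):
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict matters more than "unknown": it means someone chose an address designed to pass a quick glance as a person you trust.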
Holiday Cyber Shopping To-Do List
During this especially chaotic time, it is imperative you stay cyber safe and aware! We’ve told you what to avoid. Now here are some proactive steps to help keep you safer while you navigate the world of cyber shopping.
- Stick to known sites and vendors: If you see something on an ad that you like, go search for it through a trusted online source.
- Use strong passwords: Use a password vault so that you can make strong passwords and change them often.
- Don’t let your browser store your credit card: It might seem convenient to not have to enter your card number every time, but storing credit cards through your browser is not considered to be a best practice.
- Use online payment brokers: Sites like PayPal, Venmo, and others adhere to strict payment card compliance standards that smaller vendors might not be following.
- Check the terms of service: Don’t give your personal information—and especially don’t give your credit card information—to a site that has questionable terms of service around data privacy.