It’s that time of the year when we should also keep an eye out for online scams.
Christmas scams and winter holidays go together like horse and carriage, this I tell you, brother, you can’t have one without the other.
Unfortunately, this is the jingle of online scammers, who take advantage of the buzz around holidays to find new and creative ways of relieving you of your money, your data or both. However, you don’t have to be a cybersecurity expert to escape their grip, as we will outline in this run-down. We also include valuable advice from experts, so you can better protect yourself against any and all online Christmas scams.
Now let’s see what you need to avoid this season!
1. How to avoid all online shopping Christmas scams
For example, in 2016 City of London police officers estimated about £10 million in losses to these kinds of scams. One victim lost £86,000 when they tried to purchase a boat from a fraudster on eBay, police said. That’s just a very tiny tip of a very big iceberg.
In Australia alone, a Commonwealth Bank report revealed that Aussie shoppers will spend $11 billion during the 2017 Holiday season.
Up to 13.3 million Australian citizens will also shop online. It stands to reason that the numbers are similar across developed nations, so protection against online shopping scams is essential.
We surf online looking for the perfect gift, with so many options in front of us that we don’t know which to choose. But are they real? Online scammers and IT criminals post fake ads and run websites they control in order to retrieve our online banking credentials and get access to our sensitive data.
To stay safe from this type of scam look for a few clues:
- Is the advertised price too low to be true? Check the price for the item on other websites and see where it should be.
- Avoid any unusual payment system for an online item, like a money order or wire transfer.
- If you choose to pay from the website’s payment system, look for details that could indicate you are on a hacker-controlled website. There are cases when the scammers direct you to a fake payment site, so look at the URL of the page.
EXPERT ADVICE #1:
• Verify the Web address of the shopping sites you visit. There are many copycat websites of large retailers, especially this time of year.
• Beware of Websites with steep discounts on brand name or highly sought-after products. If you’re visiting a Website you’re not familiar with and the prices seem too good to be true, they probably are. Cybercriminals will purchase these products with stolen credit cards and quickly create a site to sell them at steep discounts. Or, you might place an order and never get anything. In both cases, the thieves obtain your credit card details when you place an order. Check domain registration sites like whois.net to find out when a Website was created and where it is registered. If the Website was created in the last few months, proceed with caution.
• Use caution when making purchases through advertisements on social media. Cybercriminals often place ads to phish for credit card information or to infect your computer or phone with malware. Use a search engine to verify the company name is legitimate, search for the company’s name + “reviews” and/or look in the comments of an ad or post, as many times other consumers will comment if the ad is a scam.
• Only purchase gift cards from reputable businesses. Credit-card thieves love purchasing gift cards with stolen credit cards because many hold their value well and there is a thriving secondary market.
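The two checks from this section (is the address a copycat of a retailer you know, and was the domain registered only recently) can be scripted. The Python below is an added example, not part of the original article; the retailer allow-list, the 90-day and 0.8 thresholds, the `Creation Date:` field name and the sample WHOIS record are assumptions constructed for illustration.

```python
import re
from datetime import date, datetime
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumptions: retailers the shopper actually uses, and illustrative thresholds.
KNOWN_RETAILERS = ("amazon.com", "ebay.com")
MIN_AGE_DAYS = 90   # "created in the last few months", read as roughly 90 days
SIMILARITY = 0.8    # how close a host label must be to a brand name to be flagged

# Constructed WHOIS record; real registries vary in field names and date formats.
SAMPLE_WHOIS = """\
Domain Name: AMAZ0N-GIFTCARDS.EXAMPLE
Creation Date: 2017-11-20T09:14:02Z
Registrar: Example Registrar (constructed)
"""

def host_of(url):
    """Lower-cased hostname of a URL, without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def copycat_of(host):
    """Return the known retailer this host imitates, or None."""
    if host in KNOWN_RETAILERS or host.endswith(tuple("." + d for d in KNOWN_RETAILERS)):
        return None  # the real site or one of its subdomains
    for known in KNOWN_RETAILERS:
        brand = known.split(".")[0]
        for label in re.split(r"[.\-]", host):
            if SequenceMatcher(None, brand, label).ratio() >= SIMILARITY:
                return known
    return None

def domain_age_days(whois_text, today):
    """Days since the 'Creation Date' in a WHOIS record, or None if absent."""
    m = re.search(r"^\s*Creation Date:\s*(\d{4}-\d{2}-\d{2})", whois_text, re.I | re.M)
    if not m:
        return None
    return (today - datetime.strptime(m.group(1), "%Y-%m-%d").date()).days

def assess(url, whois_text, today):
    """Warnings for a shop URL: copycat address and recently created domain."""
    warnings, host = [], host_of(url)
    imitated = copycat_of(host)
    if imitated:
        warnings.append(f"looks like {imitated} but is {host}")
    age = domain_age_days(whois_text, today)
    if age is None:
        warnings.append("no creation date in WHOIS record")
    elif age < MIN_AGE_DAYS:
        warnings.append(f"domain registered {age} days ago")
    return warnings

if __name__ == "__main__":
    url = "http://www.amaz0n-giftcards.example/checkout"  # constructed URL
    print(assess(url, SAMPLE_WHOIS, date(2017, 12, 15)))
```

The similarity match is a heuristic, so a warning is a prompt to look closer at the address rather than a verdict.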
2. How to stay away from gift card scams
The holiday gift cards are usually promoted via the social media networks, like Facebook or Twitter, and claim to offer exclusive deals or hidden deals.
The problem appears when the gift card is fake and it’s just an excuse to ask the victim for their personal details or credit card numbers. In the 2016 Holiday season, Amazon shoppers were tricked in droves by third-party sellers who used phishing and spoofed emails.
These malicious sellers lured consumers to leave the Amazon site at the time of payment via very convincing confirmation emails or gift card offers. Amazon itself stayed silent on this topic.
This year we will probably see even more ways of tricking consumers out of their hard-earned cash.
To avoid being fooled into buying a fake gift card, make sure you:
- Don’t click suspicious links on social media sites, even when the “special offer” comes from a friend.
- Don’t fill online surveys that ask for your personal information.
- Check the offer online if it’s just too good to be true. You can contact the producer’s official website directly, or you can look it up on search engines and see what results appear. The scammers usually target a large number of people, so some results should appear if this really is a scam.
- Pay special attention when buying small animals, mobile devices, cars or motorbikes, since they are some of the most used scamming items.
- Don’t use Amazon gift card generator tools, websites or apps; they’re all scams.
EXPERT ADVICE #2: NEVER USE AMAZON.COM GIFT CARDS FOR PAYMENT OUTSIDE OF AMAZON.
Via Amazon itself.
3. How charity scams work and how to detect them
Christmas time is a good reason to be kind and generous with the less fortunate people around. That is why we find so many legitimate charity organizations appealing for money or food donations. At the same time, it is a good cover for scammers and online crooks to steal your money.
We also want to highlight sites that sell cheap trinkets while pretending to be a charity.
You probably saw something like it in the last week, when it appeared on your newsfeed promising a free octopus ring or a free glowing necklace. We highlighted many types of scams on Facebook here. Another example is Save Our Oceans NOW, which has 1 star on TrustPilot but still continues to fool consumers.
Here’s how it works:
- They claim to be an online store that donates to a charity or a charity selling wares to support itself
- They offer a guaranteed freebie, you just have to pay shipping fees
- You willingly give out all your sensitive personal info and pay a modest sum (5-10 dollars) for the product
- If lucky, you receive the product
- If you receive the product, you’re happy and advertise their scam to more friends
In the best case scenario, you got yourself a “free octopus ring”, after only paying 8 dollars in shipping fees.
Meanwhile, that ring costs around 50 cents in China and is delivered to you through a tactic called ‘dropshipping’. That means the store you make your purchase at doesn’t actually have the products available, it just places an order on your behalf to a Chinese factory.
This factory processes your order and requires absolutely no shipping fee. The original store in which you placed your order has absolutely nothing to do with the product in question, it just gets your money and your data, then makes the manufacturer send you that product.
Dropshipping is a popular and respected e-commerce practice, but it also leaves room for shadiness like these scams.
Back to the Save Our Oceans one.
So you just paid for shipping, and your money goes neither to the shipping of the ring (because that’s free) nor to a charitable cause, because that’s the scam. Your money goes to the website holders themselves.
In the process, if you haven’t paid by Paypal, you also willingly gave out your name, address, phone number and credit card info to the scammers.
They will use this data to target you with other scams as well, then sell their “customer” database to any takers (most of them with bad intentions).
To send your money in the right direction, take the following measures:
- Check if the website is genuine before sending your money. The site may use official logos and appear as real. This doesn’t mean it is.
- Contact the real charity groups directly to make your donation. Do not donate anything to intermediary people or suspicious sites.
- If you are approached by a charity group or person and you are in doubt, check online for the organization’s name or the person’s name who requested the money.
- Never pay shipping for a “freebie” like this. Just use the money and buy the freebie directly from a reputable seller, it’s often much cheaper and safer for your personal information.
EXPERT ADVICE #3: DO YOUR RESEARCH FIRST TO MAKE SURE YOUR CONTRIBUTIONS GO TO ACTUAL CAUSES AND NOT SCAMMERS’ POCKETS.
4. How to see Christmas e-card scams for what they are
Christmas is that time of the year when we give presents to friends and family members. But we also send Christmas e-cards to people we appreciate. And of course, we too receive Christmas e-cards, which is a good thing, unless we are dealing with an online scam.
In these unfortunate cases, the Christmas e-cards we receive could contain hidden malicious software or a link to a hacker-controlled website.
For this reason, we need to pay attention to the animations, pictures, videos or links in the e-card that could download malware or send us to a site that contains malicious content.
In the end, it is the malicious content that should worry us, because it may be used to steal sensitive data or other valuable information from our computers.
To stay safe from compromised holiday e-cards, follow these general guidelines:
- Pay attention to spam campaigns that try to push these phishing attempts to you.
- If you receive a suspicious e-mail, do not open it, do not click any link or download any attachment.
- Make sure you have not only antivirus protection, but also a good anti-spyware program.
- Even if you receive such an e-mail from a friend, it doesn’t mean that he or she actually sent that e-mail.
According to the Kount Merchant Holiday Retail Guide, Cyber Monday 2017 saw the biggest increase in fraud attacks, at 134%.
EXPERT ADVICE #4: NOT SURE IF THE ECARD YOU RECEIVED IS A SCAM? ONE SIMPLE THING YOU CAN DO BEFORE OPENING AN ECARD IS TO CONTACT THE SENDER AND ASK THEM IF THEY REALLY SENT YOU THE CARD.
If they did indeed send the eCard, you’ll get peace of mind before opening it and the opportunity to thank them properly!
5. How to be safe from catfishing and other romance scams
This is an old one and we have all seen it in one form or another. In 2016 there was a 20% increase in this type of spam, with an estimated $230 million in losses. However, the FBI says that only about 15% of romance scams are reported, so the true number can be much higher.
A classic romance scam usually starts with a conversation on a social media account or by exchanging a few e-mails.
Since we are dealing with an old scam, this one involves a lot of experience from the scammers and a little knowledge of human psychology. All of us want company and affection, especially in winter time, and all of us spend even more time connected to the Internet.
Just to name a few practices from what we mentioned in this article, online crooks use fake profiles on apparently legitimate sites in the famous practice called catfishing, run Tinder, Viber or Kik bots in phishing attempts to obtain your data and even inject malware into your computer or smartphone.
To avoid a romantic disappointment and protect yourself:
- Do not trust anyone you meet online or someone who asks for money or your credit card information.
- Beware of sharing your most intimate information on social media or dating sites. Even if you receive similar information from the other person, you cannot verify the truth of this info.
- Take advantage of these security guides and be proactive with what you care most about
- If targeted by spammers, warn others of their methods
EXPERT ADVICE #5: GETTING THE INFORMATION OUT THERE IS THE NUMBER ONE WAY TO DISRUPT SPAMMERS. PUT ALL THAT STUFF OUT THERE SO OTHER PEOPLE CAN BE WARNED.
Via Wayne May, Scam Survivors founder
6. How to stay clear of game giveaway and lottery scams
There ain’t such a thing as a free lunch. This old adage applies to both giveaway and lottery scams. There is no Microsoft Email Lottery, no Uber Online Lottery with free rides and no LinkedIn Online Lottery, just to name a few common ones.
The lottery scam will never truly go away because people will always hope to win something.
It starts with a message sent to the victim, letting the person know that a ridiculously huge amount of money or benefits has been won. All the victim needs to do is “just” pay the small processing fees or complete some forms.
To stay safe from this online scheme:
- Do not trust such an e-mail or offer. Google it beforehand.
- Do not even open such an e-mail, least of all click anything in it.
- Do not complete forms in a giveaway
A similar lottery scam, a much harder one to detect, is targeting gamers around the world. It’s harder to detect because many game companies or influencers do host giveaways offering free games.
In general, with games you should do this:
- Do not click links sent via private messages in the game client (League of Legends, Steam, Battle.net, etc.) or on streaming platforms like Twitch
- Don’t sign up for quizzes promising that the winner will get a free game
- Don’t sign up for contests requiring more than a simple comment on Reddit or a forum, one which does not ask for your personal information
- Go to the official webpage of the supposed giveaway provider and check if they mention the contest. If League of Legends hasn’t announced a giveaway, then there is none.
EXPERT ADVICE #6: THE PRIMARY ADVICE I WOULD OFFER IS TO CHOOSE A SECURE PASSWORD THAT IS NOT USED ON ANY OTHER SITES (DEFINITELY NOT YOUR EMAIL ACCOUNT PASSWORD).
A long, non-recycled password is a great way to protect your account in combination with email verification.
We also have a very fun account security video that the Riot team worked on.
Via Christopher Hymes, Director of Information Security at Riot Games
7. How to identify winter holidays travel scams
We wrote one of the most comprehensive guides on protecting yourself against airline scams. Since the holidays are approaching, we really need to underline the fact that airline scams are just a tiny part of a booming industry: online travel scams.
The worst scams of this type simply take your money and don’t send you anywhere, maybe just to the police to file a report.
This is what happened here when a couple was just one of the many to lose thousands of pounds on fake Airbnb listings.
The “happy” cases of Christmas scams based on holiday bookings hide the real costs of your trip. You will end up paying more than initially thought.
You may have to pay these hidden costs once you get there: to access a local attraction, for transport, or as other hidden fees.
To make sure you are not the victim of travel scams:
- Always buy airline tickets or book a travel offer from official travel websites.
- If the price for the trip or for the flight seems too low to be true, it may actually be some sort of scam.
- Here are another 3 useful tips to avoid airline scams online
EXPERT ADVICE #7: IT’S REALLY SIMPLE; DON’T CLICK ANYTHING IN ANY UNSOLICITED EMAIL YOU RECEIVE, EVEN IF IT’S ADDRESSED TO YOU.
If it’s a bona fide deal, open a new browser window and go to the agent’s or retailer’s website, and you’ll find it. Better still, use Gmail and Google’s excellent spam filter will put everything suspicious in a junk folder, and prompt you not to reply or click, even if you get tempted.
However, even official airline websites don’t exactly help foster consumer trust. Just yesterday after I entered my credit card number to buy a flight I was told that the price had risen since I started the booking process. That’s dishonest and unhelpful, to say nothing of airline booking websites that pre-select travel insurance and confirmed seat fees.
Via Jamie Carter, travel journalist
8. How to avoid Christmas screensavers bundle malware
Sites hosting screensavers have long been plagued by malware and trojans, and the biggest vector for infection might just be the biggest problem in town.
As Emsisoft also highlights, holiday search terms are loaded with additional downloads like potentially unwanted programs. In essence, they’re the gift that keeps on giving. Not joy or beautiful Christmasy landscapes, but pop-ups and dangerous types of malware and ransomware.
So, before decorating your PC with snow-laden houses, do make sure you’re visiting safe websites and not downloading anything malicious. You can do this by using traffic-filtering software that blocks malicious websites and, of course, by having an antivirus installed.
We also found a great list of screensaver suggestions and safe sources on Digital Citizen.
EXPERT ADVICE #8: BE MINDFUL OF UNSOLICITED DOWNLOAD PROMPTS, UNUSUAL FRIEND REQUESTS AND FAKE BANK EMAILS.
9. How to identify shipping notification Christmas scams
This time of the year marks a big increase in the number of items purchased online and, at the same time, in the number of confirmation emails and shipping notifications we receive.
But are all these notifications real? As we previously highlighted, some of them may be fake and dangerous! An email requesting an update on your shipment could be a disguised attempt to retrieve valuable information from your online banking account.
This email might or might not have an attachment that you are requested to download. You could be dealing with a phishing e-mail, an e-mail designed to spread ransomware or any other combination, so take precautions!
EXPERT ADVICE #9: SHOULD YOU RECEIVE ANY OF THESE EMAILS, DO NOT FOLLOW ANY LINKS PROVIDED OR CLICK ON ANY ATTACHMENTS. INSTEAD, SIMPLY DELETE THE EMAIL. IF YOU’VE ACCIDENTALLY SELECTED A LINK, YOU SHOULD RUN A VIRUS SCAN IMMEDIATELY.
10. How to spot fake jobs, financial opportunities, and Christmas scams for loans
One of the busiest periods in recruitment is the holiday season. Job seekers around the world flock to job sites in order to boost their careers. Malicious hackers get a present as well: the personal details of those job seekers.
A popular method of gathering sensitive information is phishing via fake job sites. Unsuspecting victims simply give out their name, address, phone number and even SSN, thinking they’re applying for a job through an established career portal.
Another one is good old-fashioned emails from “recruiters” or “staffing agencies” – click the link and at best you give out your personal information, at worst you find yourself with a malware infection.
EXPERT ADVICE #10: BE AWARE OF FORMS ASKING FOR YOUR PERSONAL INFORMATION LIKE BANK ACCOUNT AND PASSPORT NUMBERS.
Be rational. Unless you’ve been actively applying for jobs, it’s unlikely someone is going to find you in the “internet resources” and offer you an amazing job.
The holidays are a time for presents, not falling prey to Christmas scams, so use this guide to stay safe and spread the cheer (and valuable info!) to your loved ones.