Top 10 Holiday Scams to Steer Clear of this Season
You have spent all night looking for the perfect gift online for your spouse, children or significant other. After hours of searching, you finally come across the ultimate package certain to grant you a lifetime pass to the Nice List — two tickets to the big game, hotel accommodations and dinner for two at the best steakhouse in town.
As it turns out, however, the package you bought isn’t worth much more than a lump of coal. You have been duped into clicking a false link, and you supplied valuable personal information to a disguised criminal network in the process.
1. Spear-phishing email scams
The holiday season is all about giving. But when long-lost “relatives” you have never heard of start asking for money to be wired overseas from places like Dubai and Russia, you need to beware. It could be a direct attempt to steal your personal information using a practice called spear-phishing, which refers to a highly targeted identity infiltration attempt. Spear-phishing is especially prevalent during the holiday season, but it is something you need to be on the lookout for year-round. Best practices call for using extra caution when opening an email from anyone — even trusted sources. Know your contacts, and know where the link will take you.
2. Requests for money to support the latest disaster
With a surplus of earthquakes, floods and snowstorms of late, there is always a natural disaster that calls for global support. However, before sending money along, make sure you trust the source soliciting funds. It does not take much effort for a criminal to create a false website and string together a heart-wrenching email meant to target your wallet.
If you are looking to give, make sure the recipient is a credible source before wiring money. Organizations like GreatNonprofits, GuideStar and Charity Navigator help you be sure you’re giving to a legitimate organization. Or consider donating money directly to global charities like UNICEF, Global Impact or even the Red Cross, which has established non-profit organizations in most major countries.
3. SMS phishing (smishing)
A smishing attempt uses social engineering to gain access to personal information through targeted SMS (text message) attacks. If you receive a false link on your smartphone asking you to unsubscribe or re-subscribe to a service, update your personal information or find out more information about a particular service, be careful before clicking the link.
In fact, be wary of any SMS from an unknown source. Most legitimate services will only send you updates (e.g., flight notifications). If you think the SMS is legitimate, determine the source and log directly into that account online without clicking through the SMS link. Luckily, the application sandboxing in place helps mitigate a complete “pwning” of your device, as the only accessible information is shared data, contacts, calendar, SMS, photos and other basic device data.
4. Mobile applications
When you download new applications — even if it is an app just for holiday carols — be sure to use legitimate application stores like Google Play and the Apple App Store. These stores help improve the security of mobile devices by thoroughly vetting the applications and ensuring the proper use of digital signature technology. More than 90 percent of mobile malware comes from malicious applications that are obtained by side-loading Android applications. It is also important to be cognizant of the privacy settings of applications and to pay attention to permission requests when applications are set up and installed.
5. Malevolent Wi-Fi networks
Whether you are trying to gain access to Wi-Fi in a hotel, a coffee shop or an airport, always be certain that the network you are connected to originates from a trusted source. Criminals know how desperate the average Internet user is for Wi-Fi and will often leave networks open to lure people in and rob them. When possible, authenticate to your company’s VPN before connecting to the public Wi-Fi to encrypt sensitive communication and information.