The Twelve Scams of Christmas
Cyber criminals are always looking for new ways to scam or infect new users. When most of us are busy finishing off our last minute Christmas shopping and planning how to get from one dinner to the next, malware developers and scammers are taking advantage of our distracted minds. The holiday season offers many ways to package classic scam techniques with pretty bows so appealing that we can’t help but open that email, click that deal or purchase discounted vouchers for the relatives who seem to already have everything.
Don’t worry. Emsisoft has your back. Here are the 12 scams to look out for this Christmas:
Romance brings vulnerable hearts to scammers
Feeling isolated this Christmas? For many people Christmas is not about family and love, but a lonely night without company. Scammers count on this. Online romance scams happen all year round but are particularly popular around Christmas when lonely hearts are at their most vulnerable. Amy* saw the holidays ahead and after two lonely years since the death of her husband, signed up for an online dating service. Her contact with Duane was intense and constant, exchanging calls and texts all day every day until he was due to arrive at her home. His money was tied up, he said, and needed to borrow some money to release some parts he needed to finish the project he was working on in Malaysia. Amy sent him $8,000. He was due to fly home, having even sent her a copy of his itinerary but he was held up at customs, he told her, and would need to borrow some money to bribe the guards. She set a further $10,000. Long term relationships are cultivated online by scammers who, once they have gained the trust and love of a victim, will begin to slowly ask for money in smaller amounts until, such as in Amy’s case, sums can run up to $100,000 or more before scammers disappear. Actual figures are hard to find but the 1,165 members on romancescams.org who were willing to disclose the amount of money they had lost reported a total combined loss of $14.1 million – more than $12,000 apiece, on average.
Dodgy travel deals steal credit card information
Planning a vacation this holiday season? There is no getting around the fact that Christmas travel is expensive. If you find a deal that seems too good to be true, chances are it is. Be mindful of travel deals that pop-up through advertising. NEVER purchase travel from an email leading you to a third party site. Beware of fake travel websites that imply relationships with major airlines that do not actually exist. Stop and think before entering credit card details. Use Google Earth and Street View to check on the location of hotels to ensure they actually exist and TripAdvisor to check reviews of airlines, travel websites and hotels before booking.
Gift cards offer fake cashback rewards
Looking for freebies online? Who doesn’t love a bargain! But, beware of emails offering free Christmas gift cards. scam-detector.com reports:
“Scammers send mass-emails, request recipients to participate in a survey, and promise a gift card in return. The crooks pose as retail chains or fast food restaurants and use the real logos to make it seem legitimate. The latest names used are Walgreens, Walmart, Sam’s, Kohl’s, Costco, McDonald’s and Amazon.”
Once you have completed the survey you will see a list of what you have won. All you need to do is enter your credit card details to pay the $1 processing fee and your prizes are yours. Instead, your credit card is emptied while you wait.
Image: scam-detector.com
Also on Facebook, fake pages pretending to be affiliated with major brands ask you to like their page and complete surveys to receive cash or free gift cards. As soon as they have your details, your inbox will be flooded with marketing materials, junk and who knows what else.
Gooligan spreads through new Androids
Kids getting a new phone for Christmas? As new phones are unwrapped around the world, app downloads skyrocket offering ideal conditions for malware injection through third-party app sites. Gooligan reached epidemic levels recently, downloading malware to increase advertising revenue for hackers. Always download apps through Google Play or the Apple App Store as they have built-in measures for weeding out malware.
Fake shopping sites inject malware
Looking for cheap gift ideas online? Malware injecting sites disguised as discounted designer wear and fragrance sales regularly snag shoppers and as the Christmas gift-buying frenzy forces us to rush, it is easy to become complacent online. Beware of any sites that lead you to third party sites for purchases. Do not buy from ad pop-ups.
Charity phishing scams ask for donations
Want to give something back this year? Every year, reputable charities make calls for their annual Christmas appeals. But beware of calls from fake charities or people pretending to be from legitimate charities. Much like the tech support scam going around, a person calls your phone pretending to be from Red Cross or Save the Children and asks for donations for their Annual Christmas Appeal. If you are unsure if this is a legitimate call, simply hang up and call the Red Cross directly, make your contribution in person or on your chosen charity’s website.
Bogus delivery failed emails contain malicious links
Expecting a package? Fake emails saying that your package was unable to be delivered will direct you to fake links that once open inject malware. These emails may pretend to be from FedEx, UPS or any other legitimate courier service, or, may list no business. This is one of the most common ways of spreading malware currently. If you are expecting a parcel, contact the sender directly with questions. Do not open these emails.
Fake eCards spread malware
Spreading a little Christmas cheer this year? What easier way to spread the holiday spirit than with a funny eCard by email to all of your contacts? eCards are a cheap and entertaining way to stay in touch, but be careful if you receive one. Fake eCards ask you to open a link to see your eCard on a separate page and can lead you to malware-injecting sites. If an eCard is legitimate it will say the name and email address of the sender. Use caution before opening.
Fake bank emails ask for sensitive information
Did you receive an email from your bank offering you Christmas rewards with a link to follow? Please note: Your bank will never email you asking you for your internet banking password, credit card details or lead you to another site to login to internet banking.
I repeat.
Your bank will never email you asking you for your internet banking password, credit card details or lead you to another site to login to internet banking. If you have received an email such as this, contact your bank immediately who will alert their fraud team and check your cards for unusual activity.
Fake friends spread malware on social media
Are you receiving unexpected messages on Facebook? Beware of any new friend requests from people you don’t know or who may have duplicated other friend’s profiles. Beyond spreading malware, these friends phish for private information to exploit further. If in doubt, block and report the profile to Facebook.
Christmas lotteries offer scam winnings
Who doesn’t want a little extra cash to play with at this time of year? But, beware of the lottery scam. It always starts the same way. An email alerts you that you have won an impossible amount of money, all you have to do to claim your prize is pay the small processing fee. It is always tempting but never worth it. Once you have handed your scammer your credit card details the only limit for them is the spending limit on your card.
Christmas screensavers bundle malware
We all love a bit of Christmas cheer on our desktops, but holiday search terms are loaded with additional downloads such as PUPs (Potentially Unwanted Programs) that continually flood your computer with pop-ups and more malicious types of malware such as ransomware which takes all personal data hostage until a user agrees to pay.
Here’s how to stay safe online this Christmas
As is the case all year round, the key to staying safe online is using common sense and reading things thoroughly. Here are Emsisoft’s top tips:
- Always read who an email is from before opening it. If you don’t recognize the sender, delete it.
- If you wish to make charitable donations for Christmas, visit the charity’s website directly
- Don’t follow any external links from emails if you are unsure of the contents
- Shop on reputable websites, don’t click on pop-ups with sales that seem too good to be true
- Be mindful of downloads, unusual friend requests and fake bank emails
Keep in mind that all of these types of scams occur every day of the year, not just at Christmas. It’s just that, like all things at this time of the year, they simply come with better wrapping.
Have a Merry (malware-free) Christmas!