The holidays are upon us, online sales are expected to go through the roof, and more U.S. consumers than ever (68 percent, or roughly 170 million people) plan to buy technological gifts this holiday season. Unfortunately, cyber criminals bank (no pun intended) on heightened shopping excitement and lowered safety practices, thus coming up with more creative ways to make their holiday a prosperous one.
It’s hard to know what holiday scams are out there, let alone how to spot one; we’re here to help. If you’re aware of the dangers and how to spot them, it will give you better security on all your devices, and better peace of mind, as well.
1. Fraudulent Emails
Emails containing false offers for great deals, e-cards containing malware, imitation delivery statuses, and phony shipping confirmations are sent out in bulk this time of year. You’ll get an email from FedEx telling you that there was a problem with your package. Or you’ll open your inbox to find one or more offers that are practically impossible to ignore from a retailer you know. Or you’ll see an email from UPS advising you of the shipping status of a package you ordered. They can all look real, and a lot of them could be bogus.
What to Do: Check whether it’s a scam; there are a few ways you can spot one. The punctuation and spelling will be poor, or you will be asked by the sender for personal information. Another way to tell is by checking the sender’s email address against the sender’s name. Don’t respond to a suspicious email or click on anything in it: No pictures, no links, no buttons, and no banners. If you click on any of the elements, it may activate malware and/or provide personal information to the scammer. To verify the authenticity of the email content, open a new window and type in the retailer’s address to go directly to the site.
If it’s an e-card as an attachment, don’t open the attachment if you don’t know the sender. Be careful not to click on any links that say, “View the e-card”. Doing either of these could download malware to your computer.
And never give your banking information, social security number, etc. to anyone. A reputable business would never ask you for personal information.
Even a fork can connect to the internet these days, which means it needs a password. That fork, and any smart appliance and device (the Internet of Things), comes with a default one. If there is anything that is going to get your digital life into trouble, it’s a default, hack-able password.
What to Do: Change the manufacturer’s default password to a password that’s hard to guess and write it down. Make it a combination of letters, symbols and numbers, and change it regularly.
3. Don’t Use the Same Password on All Sites
Passwords, passwords. When you sit down at your computer or you pull out your smartphone to shop, you’re going to need a password for all those sites you’re going to visit. Sure, having one password is convenient, but once someone hacks your password on one account, they’ll reap the monetary benefits from all of them.
What to Do: Use a password manager that can be used on your smartphone as well as your computer, such as LastPass. This will keep track of your logins and passwords for any site you visit. You don’t even have to type! A few clicks will fill everything in for you so you don’t have to memorize any passwords if you don’t want to.
Bonus Tip: When the site asks you if you want to store your financial details (like your credit card number) on the site to use the next time you’re there, don’t do it. It’s yet another way for a criminal to get his hands on your personal information.
4. Enable Two-Factor Authentication
Speaking of shopping on websites, a lot of them offer two-factor authentication. This provides two layers of authentication, not just one. The first layer of security is your login and password. Depending on the website, the second layer of security will be something like a PIN, a second password, or even a voice print.
What to Do: Use two-factor authentication everywhere it’s offered. Some types of businesses, like banks, have automatic two-factor authentication. It’s a lot harder for a hacker to hack through two layers of security than just a password, so enable it whenever you can.
5. Check the Safety of the Website You’re Visiting
A secure site has a closed padlock in the address bar and its URL starts with HTTPS, which means it has an SSL Certificate. An SSL Certificate is a certificate designed to keep the connection more secure between you and the site’s server.
What to Do: One excellent way to add some security to your browsing is to install a browser add-on called HTTPS Everywhere. Visit the website when you install it. It’s designed to protect you from different types of surveillance and account hacking by automatically switching the site you are visiting from HTTP to HTTPS if the site supports it.
Always look for the little padlock in your address bar and https:// at the beginning of the URL — they show you are on a secure site. Note that the padlock placement in each browser varies a little.
6. Set Up Account Alerts
You may be on top of your device’s security, but cybercriminals are good at what they do. There’s too much money at stake not to be. That being said, you may still get hacked.
What to Do: Set up alerts for your bank accounts. Almost all banks and most credit card companies give you the option to have an alert sent to your smartphone and/or email when there has been any activity on your account, your account is overdrawn or it drops below a certain amount (you set the amount), and more.
Bonus Tip: Go through your bank and credit card statements in detail. A lot of people kind of skim through their statements when they get them each month. Make sure you check each transaction to ensure that it’s legitimate.
7. Watch the Smartphone Downloads
It’s sad, but many apps aren’t safe. In fact, malware is on the rise in smartphones. Downloading that new game you want to try or responding to a text you receive from an unknown sender can get you some harmful malware if you don’t protect yourself.
What to Do: Don’t download apps from questionable sources. If you’re an Android user, use Google Play, although be forewarned that there is a small chance you can get hit by malware in Google Play, too. If there is an app that you are about to download that’s questionable, use Verify Apps to scan it first (it’s installed by default in Android). Apple seems to take security more seriously than Android as the only place you can download apps is at the App Store.
For safe texting, there’s Signal. Signal provides end-to-end encryption, which turns a sender’s regular text message into a secret one and can only be decoded by the recipient. Thus, every time you send a text, nobody can “see” its contents except the person you texted.
And take care of your smartphone like you do your computer; download and install an antivirus and a firewall program. From a reputable source, of course.
Bonus Tip: When you are installing an app, pay attention to what the app needs access to. A lot of apps ask for far more information than they need. Don’t give anyone, anywhere too much personal information.
8. Skype and Facebook and Twitter…
Is there any part of the internet that scammers have missed? The newest scams are being perpetrated through social engineering, which is just a fancy phrase for using social media to get people to cough up their personal details. And boy, is it amped up this time of year!
Facebook has false giveaway contests and gifts, and Twitter has more spam than ever. One Skype email scam (it looks real but it’s not) informs you that you have a call waiting. Click the link in the email and you will be taken to a site to download software full of adware or even worse, malicious code that can listen in on your conversations.
What to Do: See #1 in this article. Don’t click on anything clickable in the email: pictures, links, buttons, and banners. If you get an email in Skype telling you that you have a new call, go to Skype itself — don’t just click on the link. If you get a message in Facebook telling you that you can get a credit card pre-approved just in time for the holidays, go directly to the merchant who is offering the card. It may look like it’s the real thing, but it quite possibly won’t be. Check the real source. You can’t be too careful.
9. False Charities
It’s really sad, but criminals take advantage of people this time of year, knowing that they are more apt to give money to the needy. They falsify charity names or make new (fake) ones, and will do it through email, websites, phone calls, or even text.
What to Do: If you have never heard of the charity, go to the Better Business Bureau (BBB) and look up the name, or don’t give. It’s that simple. You can always go to your favorite charity’s website, or Google homeless shelters in your area. The point is to never give money to someone you don’t know.
10. Credit Card Skimming
We all have been advised to watch for people lurking in the shadows when we go to the ATM to get cash. Now we are being advised to watch the ATM and the gas pump when we scan our card. Around the holidays, this particular scam is perpetrated more, mainly because criminals know that more people will be using an ATM.
How does it work? Scammers will put a small device on an ATM or gas pump card reader (it fits on top of the real card reader so you can’t tell it’s fake unless you look for it) that will “skim” the magnetic stripe to capture your PIN. This gives the scammer enough information to go shopping online or make an imitation card.
What to Do: When you’re at the ATM or getting gas and go to put in your card, examine the card reader. If it looks at all different, reach out and shake or pull on it. It may pop right off. Take a quick glance at your card when you take it out of the reader. You might see glue around the edges of the card. Report it to the bank or proprietor if it’s at all suspicious.
EMV (Europay, Mastercard, and Visa) is a standard of security that uses a computer chip to encrypt your card’s data. If your card does not have an EMV chip and still has only the magnetic stripe, call your bank and ask for a new card. You should have one by now.
Be diligent. Keep everything on your computer and smartphone patched and updated. Use antivirus and firewall software on your smartphone as well as your computer. Make your passwords more difficult to guess, and make sure there is a different one for each login that you have.
You don’t want to be the victim of a cybercrime, and there is no such thing as too much security for things that are important to you.
Above all, have a wonderful, safe holiday!