10 Ways To Avoid Holiday Scams

With the biggest cybercriminal hacking holidays of the year upon us, it's time for a reminder of red flags to pay attention to when shopping either online or in brick-and-mortar stores. 

Think Before You Click

1. Make sure devices are up to date

Whether you’re using your laptop, smartphone or other device, having basic security measures in place will lessen your chance of being a victim, but bear in mind the rest of these tips to stay safe.

2. Be careful when using public Wi-Fi

Never share private information on a public Wi-Fi network, even if you think it's safe. Wireless network names are fairly easy to fake, and sensitive data like credit card details, login information, etc. can be easily intercepted. Kevin Mitnick breaks down exactly how this is done:



3. Use strong, unique passwords

Well over 900 data breaches so far this year have exposed hundreds of millions of records! You better believe that information is being sold, and the more accounts you have that use the same username and password, the greater the risk of being hacked.

4. Fake apps

We warned earlier this month about fraudulent apps showing up in both the App Store and Google Play, but it bears repeating. Before even downloading any app, do some research on the publisher, app creation date, and reviews to give you a good start at spotting a fake. Look for misspellings of popular apps and remember that retailers who don’t actually have an app are especially vulnerable. Better to go to the website directly and check for the official link yourself.


5. “There was a shipping problem with your order”

Smells like a scam! Other phishing emails to be wary of are fake invoices, fake refunds and any urgent email persuading you to open an attachment, click on a link, or fill out a form. Attached documents containing malicious macros are back with a vengeance, making it critical to pay very close attention to these types of emails. When in doubt, always go directly to the vendor if you think there may be a problem.


6. Pay close attention to the websites you visit and shop on

How did you get to this website? Via email? Maybe an ad for a killer sale? Beware of bad links in phishing emails, counterfeit copies of legitimate sites, and malvertising (yes, those can be found on legitimate sites too). Copied sites can be made to look nearly identical to the real thing. Basic red flags are bad grammar/spelling, shady contact information and unheard-of deals on expensive items. See these other signs to tell if the website is legit. Even if the site is real, make sure it's secure: look for https with a lock.



7. STOP oversharing on social media

'20 questions about me' type posts are a goldmine for criminals. Posting that information publicly makes it a lot easier to guess your password and the answers to your security questions, and makes you a bigger social engineering target.

8. Free gift card/iPad/insert must-have item just for filling out a survey or form

Often these are scams looking for your personal information, which then gets sold to other cybercriminals. Make sure any offers you sign up for are authentic before giving up any information.



9. Use a credit card (no debit cards)

If cybercriminals get their hands on your debit card, it's very easy for them to quickly drain your bank account. You can always reverse charges on a credit card if necessary.

10. Keep an eye on your bank accounts and monitor your credit report regularly

Fraudulent spending often starts with small purchases (think $1-$5) that would normally go unnoticed unless you're looking at your transaction history. The sooner it's spotted, the easier time you will have getting your money back.

Always remember to think before you click and IF IT SOUNDS TOO GOOD TO BE TRUE IT PROBABLY IS!

To keep your employees safe throughout the holidays and beyond, it's a must to step them through effective user education. Find out how affordable this is for your organization and be pleasantly surprised.
