As the new holiday cybercrime season rolls in, it's a good idea to look at the scams of last year, which will be recycled with a few small updates. It's important for IT departments to give employees a refresher course on what to look out for. It's becoming more important as online shopping increases and much of that happens on work computers or the devices that employees use for office communication. Here are a few scams to keep an eye out for this holiday season:
Black Friday Deals
Black Friday and Cyber Monday are the busiest online shopping days and the bad guys are out to get rich with your money. And the holidays are just around the corner. So what do you have to look out for?
Watch out for the too-good-to-be-true coupons that offer free phones or tablets on sites all over the Internet. Don't fall for it. Make sure the offers are from a legitimate company.
Watch out for alerts via email or text that claim you just received a package from FedEx, UPS or the US Mail, and then ask you for some personal information. Don't enter anything. Think Before You Click!
There is a fake refund scam going on that could come from Amazon, a hotel, or a retail chain. It claims there was a "wrong transaction" and wants you to "click for refund" but instead, your device will be infected with malware.
The Grinch E-Card Greetings
Happy Holidays! Your email has an attachment that looks like an e-greeting card, pretty pictures and all. You think that this must be from a friend. Nope. Malicious e-cards are sent by the millions. Never open these things, especially at the office, as they might infect your workstation.
The Fake Gift Card Trick
Internet crooks promote a fake gift card through social media but what they really are after is your information, which they then sell to other cyber criminals who use it for identity theft. Here is an example: A recent Facebook scam offered a free $1,000 Best Buy gift card to the first 20,000 people who signed up for a Best Buy fan page, which was a malicious copy of the original.
The Copied Site
Bad guys build complete copies of well-known sites, send you emails promoting great deals, sell products, take the credit card, but never deliver the goods. These sites live only a few days and the money usually goes abroad. Your credit card company will refund the purchase, but apart from not getting your gift(s) your card number is now compromised and will be sold and used by
The Charity Tricksters
The holidays are traditionally the time for giving. It's also the time that cyber criminals try to pry money out of people who mean well. But making donations to the wrong site could mean you are funding cybercrime or even terrorism. So, watch out for any communications from charities that ask for your contribution (phone, email, text, and tweets) and make sure they are legit. It's a good idea to contact the charity to make sure the request did in fact come from them. It is safest to only donate to charities you already know, and refuse all the rest.
You tweet about a holiday gift you are trying to find, and you get a direct message (DM) from another Twitter user offering to sell you one. Stop - Look - Think, because this could very well be a sophisticated scam. If you do not know that person, be very careful before you continue and never pay up front.
The Extra Holiday-Money Fraud
People always need some extra money during this season, so cyber fraudsters are offering work-from-home scams. The most innocent of these make you fill out a form where you give out confidential information like your Social Security number, which will get your identity stolen. The worst of them offer you work where you launder money from a cyberheist, which can get you into major trouble.
The Search Term Trap
Bad guys do their research and find out what people want. They then build a site that claims to have the desired item. They push that site high onto the search engines and you might click on that link. But the site contains malware and will infect your PC. Make sure that your web browser is always fully updated, so that it will warn you if it sees that the site is unsafe. At KnowBe4, we prefer Google Chrome for safety reasons.
The Evil Wi-Fi Twin
You bring your laptop, tablet or smartphone to the mall to scout for gifts and check whether you can get them cheaper somewhere online. But the bad guys are there too, shopping for your credit card number! They put out a Wi-Fi signal that looks just like a free one you always use. Choose the wrong Wi-Fi and the hacker now sits in the middle and steals your credit card data while you buy online. When you use a Wi-Fi connection in a public place, it is better not to use your credit card.
And one we expect to see: Free Star Wars Movie Tickets
Warn your users against phishing attacks that try to trick them into winning movie tickets for the new Star Wars movie. For the next 2 months this is going to be a highly successful social engineering attack that a lot of users are going to fall for. This is what the KnowBe4 template looks like that customers are sending to their employees:
Interestingly enough, this was submitted by one of our customers in the Community section where they submit and use phishing templates made by peers and sent to their own employees to inoculate them against social engineering. IT folks can also give out this free copy of the Kevin Mitnick Home Internet Security course to keep employees safe through the holidays: (password expires on December 31, 2015).
Password – knowbe4
These days, it's a must to step your employees through effective user education.