Keep yourself protected from unwrapping an online threat this holiday shopping season.
Tis the season for snow, holiday cheer and, let’s face it, shopping. Black Friday, Cyber Monday, pre-holiday, post-holiday — it comes at us from all angles. We get bombarded with emails and pop-ups and Facebook posts telling us about all the great deals we could have if only we click here.
Gift-buying has never been so easy. We use our phones, tablets and computers to order just about anything, delivered to our doors in a few short days, usually with free shipping. But just as our cybershopping is on the rise, so is the potential threat of cybercriminals ready to take advantage of unsuspecting shoppers.
This year, holiday shopping sales are expected to surge to an estimated $616.9 billion. E-commerce sales are also predicted to rise between 8-11 percent this year to more than $105 billion, with 56 percent of smartphone owners planning to use their device while shopping.
McAfee, a part of Intel Security, has developed its “12 Scams of the Holidays” list which educates the public on the most popular ways cybercriminals scam unsuspecting shoppers as they surf and shop with their digital devices during the holiday season, along with some tips on how to stay safe:
You’ve Got Mail!
As holiday sales continue to move online, the risk for shipping notification and phishing scams are increasing.
TIP: The creators of phishing scams like fake shipping notifications are getting smarter. Instead of clicking on a link for a shipping notification, go directly to the site and plug in your tracking number from there.
Keep your eyes peeled when online shopping for this season’s most coveted products. Dangerous links, phony contests on social media, and bogus gift cards are just some of the ways scammers try to steal your personal information and ruin your holiday cheer. This year’s trends include fake deals for hot new electronics products like the iPhone 6 and iPad Air 2.
TIP: If a deal or advertisement looks too good to be true, it probably is. Before clicking the link in the social media post or ad, go directly to the outlet’s website to see if the deal is displayed there.
During the holidays, many consumers give back by donating to their favorite charity. But be wary of fake charities that could reach you via email, or are shared virally through social media. Big events, like this year’s Ebola scare in the United States, can lead to even more fake charities than normal. One of the biggest charity scams of 2014 was a campaign from a group impersonating the UN Refugee Agency.
TIP: Look for the seal and trust mark on a charity’s website before opening your wallet to donate. Just because a website ends in “.org,” doesn’t mean it’s legitimate. Do an online search of what people’s experiences have been when donating to the charity to ensure it’s real.
Some scams are simply out of your control. Point-of-sale devices at popular retail stores became the targets of hackers seeking credit and debit card numbers, as well as other customer data. Card issuers, law enforcement and security companies saw stolen data go “on sale” on online hacker marketplaces, and identified attempts to use this stolen data in clever fraud schemes.
TIP: Closely monitor your credit card statements and stay on top of breaking news should a retailer you have shopped at be exploited. The more vigilant you are, the faster banks and retailers can crack down on the hackers and protect you from financial damage.
Thanks to ongoing advancement of technology, new mobile apps are added every day. But even the most official-looking or festive apps could be malicious and capable of accessing your personal information. McAfee Labs recently found a suspicious Android app called ACCLeaker that secretly collects a device user’s Google account ID, Facebook account ID and Twitter account name.
TIP: Google and Apple have made tremendous efforts to scan apps uploaded to their app stores, so you should only download apps from these official app stores. If the app requests too much information, do not download it. Also install antivirus software on your mobile device to help protect against malware getting on the device.
Digital e-cards spreading the holiday cheer are fun and easy and most importantly, thoughtful. While you may want to send a loved one “Season’s Greetings,” hackers are looking to wish you a “Merry Malware!” Well-known e-card sites are safe, but be wary of potential scams that cause you to download a virus onto your device.
TIP: Be wary of e-cards from unknown senders.
Holiday Travel Scams
With travel on the rise during peak holiday times, online scammers take advantage of the fact that consumers often become less vigilant about their safety. Fake online travel deals are bountiful.
TIP: When booking travel plans this holiday season, be wary of sites that request money or credit card information in advance. If you are opting to rent a residence during your travels, back-check the address of the rental site to make sure it’s legitimate.
Bank Robocall Scam
Hackers try to take advantage of the fact that consumers are concerned about fraud, particularly during the holidays when credit and debit card holders are making a large number of transactions. In some cases, consumers receive fake automated phone calls masquerading as their banks’ fraud departments. These “robo calls” claim that the user’s account has been compromised and request personal information, such as account passwords, to make changes.
TIP: If you get a call from your bank about your account, insist on calling them back. Hang up, and call the bank through the official main line to ensure that the person you were talking to was truly an employee of the bank.
During the holiday season, you need cash and are usually in a rush to get it. Criminals can access your information at ATMs by installing skimming devices to steal the data off your card’s magnetic strip, and using either a video camera or keypad overlay to capture your PIN.
TIP: When withdrawing money, be aware of your surroundings. Check to make sure that you are in a safe place to enter your information. If anything looks amiss, leave. Additionally, inspect the ATM for loose wires or machine parts that may have been tampered with.
Many news services capitalize on the holidays by developing “Year in Review” articles, which can be embedded with links from phony sources.
TIP: Be cautious of clicking on links to intriguing emails. Visiting unknown URLs could result in landing on phony websites set up to spread malware or steal personal data.
With an increase in travel, activity (and bubbly!) over the busy holiday season, people are more likely to lose their smartphones.
TIP: Always enable the locate and lock feature on your phone and keep your smartphone PIN protected at all times.
Bad USB Blues
During the holiday season, businesses may see an increase in gift baskets from vendors who want to continue working with your company in the upcoming year. One of the most popular items in these baskets includes branded USBs. Beware of these, as undetectable malware is sometimes pre-installed on them.
TIP: Avoid using USBs that you did not purchase yourself or do not know where they came from. Stick to the ones you have kept secure and only used by yourself.
Help others to stay safe online this holiday season by giving advice and sharing updates with family and friends. McAfee and Dell’s Season of Sharing Sweepstakes* rewards you for doing just that, with prizes including a $1,000 gift card to Dell.com** along with McAfee LiveSafe service.
* U.S. residents only. No purchase necessary. Sweepstakes is from November 4 – December 12, 2014. For official rules, prize descriptions and odds disclosure, visit www.12scams.com . Void where prohibited.
**Terms and conditions apply. See www.dell.com/giftcard.
Information in this article first appeared on Gary Davis’s McAfee blog.