Every year around this period of time, be it year-end or the Christmas season, the majority of celebrants are eager to gather, express gratitude, and give gifts. Unfortunately, the festive season is also when scams start to skyrocket, souring the spirit of celebration.
Even if you’re a cyber scam prevention pro, take the opportunity to raise awareness about scams among your colleagues, friends and loved ones. Infact, with the arrival of IoT devices in the lives of digital users, cybercrime has exponentially increased due to the weak security systems we see in these IoT devices from karaoke machines and connected home appliances like vacuum cleaners and coffee machines, to digital wallets on our mobile phones to new and improved tablets and even smart toys for your kids.
According to a recent industry survey, Indians are demonstrating both cautious and risk-taking tendencies during the festive season with 88 percent checking online seller ratings before making purchases, though 19 percent admit to be willing to purchase from a questionable website, resulting in the average amount lost in India to holiday shopping scams to be over ₹20,000.
Scammers target people in multiple ways, which we now explore to help you and yours avoid a heartbreaking holiday season.
10 common seasonal holiday scams and how to avoid them
1. Deceptive social media advertisements. These direct users to fraudulent online stores that pinch credit card information and personal details. Falling prey to such schemes can result in monetary losses and identity theft.
How to avoid: To safeguard against scams involving social media ads and fake online shops, conduct research on a given store (look for customer reviews, ratings and testimonials from reputable sources), be skeptical of deals that seem too good to be true, install security software to protect devices, and monitor financial statements for any unauthorized transactions, reporting suspicious transactions immediately.
2. Deceptive delivery notification texts can easily fool people who aren’t paying enough attention. These fraudulent messages falsely say that there will be a delay in shipping a product that you ordered, or they demand a payment fee under the pretext that it’s required for a package’s delivery.
How to avoid: To skip out on scams involving fake delivery notifications, verify the message source (confirm the legitimacy of the text message sender). Rather than clicking on links embedded in a notification, visit the official website of the delivery service; input the tracking number to access accurate and up-to-date information. Further, you can always contact a delivery company directly, using their official contact details, to verify the status of your package.
3. Scammers have been known to create phony charities in order to profit or to steal personal information. Some of these fake charities have been observed on GoFundMe.
How to avoid: To steer clear of these types of scams, check on the legitimacy of the charity by investigating the charity’s website. For crowdfunding campaigns, confirm the authenticity of the cause and the organizer – look for details such as the purpose of the campaign, how the funds will be used, and see if you can get a sense of the organizer’s credibility.
4. Fraudulent offers on airline tickets or scarce items. Numerous scams focus on the holiday surge in travel-related purchases or exploit the demand for sought-after products, enticing people to accidentally buy counterfeit tickets or merchandise.
How to avoid: Don’t fall victim to bogus deals. Ahead of making a purchase, research the seller and/or the website, exercise caution if the deal seems too good to be true (unrealistic prices, especially for tough-to-find items, can indicate a scam), ensure that the website has a secure connection (HTTPS, not HTTP), carefully read the terms and conditions of the deal, and trust your instincts.
5. Watch out for phishing emails that mimic emails from reputable brands. Scammers sometimes try to pose as representatives of familiar companies (Amazon, Walmart…etc.,). These deceptive emails employ social engineering tactics in an effort to illicitly obtain passwords, personal data and financial information. A recent example is shared here.
Our Check Point Research (CPR) observed a malicious phishing email that was sent from a webmail address “amazon@somecards[.]net” that was spoofed to appear as “Amazon” and contained the subject “You have cash remaining on your Amazon Christmas Card”. The mail content urged the recipient to click on a malicious link which is now inactive.
The link – “us[.]farenheit[.]net”
The article has been written by Sundar Balasubramanian, Managing Director, Check Point Software Technologies, India & SAARC