‘Tis the season to be jolly, especially if you are a scammer. In the run up to holiday season, cybercriminals go into overdrive and are ready and waiting to take advantage of the millions of online shoppers looking to secure a bargain. Holiday season scams are plentiful, highly varied, convincing, and often successful.
This year, the U.S. government is warning consumers to be on high alert for holiday season scams that aim to obtain sensitive information and deliver malware and ransomware.
The DHS Cybersecurity and Infrastructure Security Agency (CISA) explains that malicious cyber campaigns increase considerably during holiday season. It is a time when online shopping increases and special offers are plentiful. While there are many genuine Black Friday and Cyber Monday deals available, there are also scams aplenty.
Scammers send out millions of emails promising too-good-to-be-true offers and amazing discounts to fool people into disclosing their credit card details. Fake parcel tracking notifications are also common. They include links to sites that harvest credentials and attachments that download malware when opened.
As has been the case over the past few years, the most commonly requested gift is a gift card. Unsurprisingly gift card scams are rife in the run up to Christmas, both scams targeting purchasers of the cards as well as recipients. Phishing scams, fake ecards, and fake gift card emails include hyperlinks to malicious sites where credentials are harvested or malware is downloaded. Scammers send emails posing as charities, asking for donations to fraudulent charities or fake causes. The list goes on and on.
The advice from CISA is to exercise caution. If an email is received that asks for a donation to charity, always verify the authenticity of the charity prior to making a donation. Avoid clicking links or opening attachments in unsolicited emails from unknown senders and take steps to verify the authenticity of an email prior to taking any requested actions.
When making any purchase online, make sure the site is genuine before entering any sensitive information and check that the website starts with HTTPS before entering card information. Be aware that just because a site starts with HTTPS and has a green padlock it does not mean that the website is genuine.