The Holiday Season is one of the busiest shopping times of the year. As technology becomes more innovative, so does the way we purchase products. Friends and family spend hours browsing gifts online trying to find the best presents for loved ones. To avoid crowds, many people use their computer or smartphones to buy these items. Unfortunately, this makes them an easy target for Holiday Hackers.
Holiday Hackers are cyber criminals who take advantage of unsuspecting people during the holiday season. According to Rurik Bradbury, a marketing executive at e-commerce security company Trustev, 40 percent of each year’s online fraud happens during October, November, and December. During the holiday’s Hackers expect people will be inputting precious data like credit card numbers, addresses, and other key personal information. Remember, hackers are just as excited about the holidays because they know people are more vulnerable. This month we are reviewing three of the most common ways hackers try to steal your information during the holidays and how you can avoid falling for their scams.
SCAM #1 – FAKE/COPYCAT WEBSITES
If you’re like me, you might wait until the last minute to do ALL of your holiday shopping. The pressure to find the “perfect” gift is sometimes too much for one person to handle, so we go into overdrive. This anxious feeling causes many people to rush through the entire process of online purchasing. We type the website into the top of the browser window and get ready to hand over our credit or debit card information. Without thinking, we may have typed in the wrong web address or URL (Uniform Resource Locator). These types of situations are what Hackers hope for! They deliberately create copycat websites based on the most common spelling mistakes people make when typing in web addresses.
1) Pay close attention to what you are typing in. Always verify what you typed in. Before sharing your banking information, ALWAYS make sure the website starts with “https”.
Example: https://www.amazon.com/ – You see the front of this web address has https indicating it is a secure website. If you do not see https, find another website to purchase from.
2) If you use a search engine to find gift ideas, be mindful of what you are clicking. I know it’s easy when you get inspired and just start opening numerous links in new tabs, but be cautious. A clever idea during the holiday season is to enable Google Safe Browsing. According to Google, “Safe Browsing gives users the ability to protect themselves from multiple types of unsafe sites and applications. Our policies help define the types of web threats about which Safe Browsing will notify users and webmasters.” Utilizing this type of search engine can protect you from Malware, Unwanted Software, and Phishing. Which leads me to the next Holiday Hacking Scam…
SCAM #2 – PHISHING EMAILS
Phishing emails are likely one of the most common hacking schemes cyber criminals use during the holidays. According to the United States Computer Emergency Readiness Team, “phishing is a form of social engineering that uses email or malicious websites (among other channels) to solicit personal information from an individual or company by posing as a trustworthy organization or entity.” The purpose of phishing is to steal your personal information. Sounds intimidating, but there are ways to avoid this type of scam.
1) Before clicking any links, review the spelling, grammar, and syntax of what you are receiving. If you happen to discover numerous errors, report the email as Spam. Here is an example of a phishing email from Fuse Technology Group:
2) Most of your Phishing Emails this season will be from people claiming to be customer support with companies like Walmart, Amazon, PayPal, eBay, etc. This is because hackers know consumers will be using most of these websites for buying gifts. If any of the wording in the message indicates something will happen if you do not provide the information the email is requesting, consider it a red flag. The best practice for reading emails during the holiday season is to type links manually. For example, let’s pretend Amazon contacts you saying the address for your package was typed incorrectly. The email has a link you can click to resubmit your personal information. Instead of clicking that link, manually type in www.amazon.com. Check your account settings to see if you have any unusual notifications. You can also contact the company from its support page to verify the authenticity of the email. (For more information about Phishing Emails, check out our September Blog.)
SCAM 3 – FAKE ADS VIA SOCIAL MEDIA & TEXT MESSAGES
Fake advertisements on social media sites like Facebook, Instagram, and Twitter see an increase during the holiday season. Holiday Hackers hope that people will just click whatever seems interesting to them. Research shows that in 2016, Hackers used Google’s Ad Network to spread “fake login” malware. As a result, the malware would impersonate login pages from popular applications and websites. This means the user thought they were logging into their Mobile Banking App when in reality they were providing their mobile banking login to a hacker. Even though it’s been two years since this specific issue, people should be just as cautious when submitting personal data during the holidays.
Let’s review ways to avoid fake advertisements:
1) Try to avoid opening ads you see on social media. Instead, go to the website directly. Let’s pretend you see a BestBuy Ad for a new computer. It seems like a “too good to be true” type of sale, but you are still curious. Instead of clicking the ad, go to BestBuy.com and search for that product instead. Hackers will try creating fake ads that attract buyers with great deals, offers, and discounts. Use your institution in these situations. If something feels strange, that’s your instincts saying “do not trust this advertisement.” We all know the saying if it seems to too good to be true…it probably is.
2) Sometimes Fake Ads will come directly to you through texting scams. Hackers will exploit technology to their advantage by tracking your cookies. What are cookies? According to Norton, Cookie is a term for a packet of data that a computer receives and then sends back without changing or altering it. The purpose of the computer cookie is to help the website keep track of your visits and activity. Hackers can use your cookies to create fake ads targeted to you based on items you have looked up already. If you were just looking up lawn mowers at Lowes.com and receive a text message saying “Congratulations! Click this link to claim your free $300 Lowes Gift Card!” would you click it? Probably not, but some people out there may be in that “holiday spirit rush” we mentioned previously. Clicking harmful links allows hackers to install malware on your device to steal any personal information. This includes information like telephone numbers, banking info, passwords and more. If you ever receive a text from an unknown number claiming you won something, do not fall for it.
TIS THE SEASON
Tis the season to be jolly, but it’s also the season to be cautious. Kustura Technologies hopes you will be able to spot these scams and utilize what you learned throughout this blog. Remember to always verify something BEFORE you click it. It doesn’t matter if it’s a link, email, advertisement, etc. Always trust your instincts and if something feels strange, move on to something else.
For more information about Kustura Technologies and the services we provide, contact us using the form below.