Holiday Special: Season of Scams

As the holiday season approaches, shopping for gifts for our loved ones is a common thing to do. Due to the pandemic and self-quarantine, shopping has now shifted online, which lures many hackers and cybercriminals. Seasonal holiday shopping opens opportunities to fraudulent activities, and phishing scams are on the rise due to COVID-19 with no signs of slowing down. COVID related phishing attacks has skyrocketed by 600% between February and March this year.

Attackers use many creative but effective methods to scam victims, especially during these holiday seasons.

Here are some examples.

Fake Shipping Scam

People shop online now more than ever due to the pandemic. They can be scammed in one of the two options. One is directing the victims to a fake login page after sending them an email claiming to be a legitimate company requiring shipment details. Victims then enter their credentials to the wrong person. The other option is sending an email with an attachment that can potentially harm the victim’s devices.

To avoid these attacks, not opening suspicious emails the easiest and the most obvious one. Before you open the email, look at the email address and make sure it is not generic. Most legitimate companies send shipping detail in the body of the email, not as a link.

Charity Fraud Scam

The most common way used these days is to use COVID-19 related charity. It is current and uses sympathy, which makes victims fall for it easily. The attackers make sure the message is sad and compelling. The victims think they are donating to a real charity, but in reality, the charity doesn’t exist and would be sending money directly to the scammers.

To avoid charity fraud is to check the legitimacy of the charity. Legal charities are registered. Cross-check the details and ALWAYS avoid strangers asking for money upfront.

Gift Card/Coupon Scam

When the seasonal holiday shopping and pandemic align, it is the perfect way to steal money from big spenders. It targets those who purchase goods online often and encourages them to pay using coupons. One of the recognizable signs is an outstanding deal with a low price.

Always avoid giving personal information to untrusted parties and beware of great deals and discounts that are too good to be true. Because usually, they are not real!

Travel Phishing Scam

As staying at home and self-quarantine extends, people get agitated and lean to the idea of traveling. Especially these holiday seasons are busy times to travel and visit loved ones. Or you want to take a break from everything and book a vacation to some exotic island. You book a ticket ready to go, but all this gets canceled due to the pandemic. Attackers use this opportunity to redirect you to a new login page for a refund. And bam, you gave up your credentials to the culprits. Ensure you check the link is right and not stripped (usually instead of ‘https://’ it is changed to ‘http://’) so that it is safe to surf. Don’t enter information on 3rd party apps that are not safe.

Another way they can trick you is to offer you travel tickets (or anything expensive) for free if you share the link to your social media pages. These trends are common these days and very persuasive as they create dummy accounts that claim they won before or say it is legit so that others will follow them. This way, the attacker can collect your social media information and use it for other purposes. The list goes on as they are getting sophisticated every day and hard to point out.

To protect ourselves, we need to know the different kinds of phishing attacks and beware of any communication that requires you to disclose your Personally Identifiable Information (PII). Always double-check sources that require you to provide your PII. Here are some of the common phishing to look out for.

• Email Phishing: is the most common type of phishing out there that targets general email users. In many other ways, they send an email saying their bank account is facing trouble or their order hasn’t been through and direct them to a fake login page so that they will give up their personal information.

• Spear Phishing: a targeted attempt to steal information from specific victims. Attackers use methods like social engineering to collect the data they need to articulate the perfect email to deceive the victim.

• Whaling: it’s a phishing type that targets higher executives as they are easily identified on different social media like LinkedIn.

• Vishing: is a voice-based attack that convinces the victims to share important information through phone calls. One recent example can be the Twitter hack that occurred in July. It manipulated one of the employees to give up sensitive data from high-profile users to access the account.

• Smishing: SMS-based attacks have been rising more as people don’t scrutinize SMS as they do for emails or other online inquiries. Smishing attacks have increased from 2% to 13%, according to Verizon’s 2020 Mobile Security Index.

What do cybercriminals do with the data they collected?

There are different types of data stolen by attackers, but they can be generalized and categorized into three types.

As the holiday season is upon us, it is an unavoidable reality that phishing scams will be rising drastically and won't go down anytime soon. To ensure our data security, we need to accept and learn to protect ourselves from these attacks. To do so, we should incorporate Mobile Threat Defense Solutions that will protect your mobile devices from various cybersecurity attacks.