McAfee Latest 2012 Holiday-Related Online Scams and Security Tips for Consumers
The holidays are just around the corner and amid the hustle and bustle many of us will fire up our devices to go online, order gifts, plan travel and spread Offers cheer. But while we’re getting festive, the cybercriminals are getting ready to take advantage of the influx of your good cheer to spread scams and malware.
With online holiday shopping expected to grow 12.1% in the US alone this year, to as much as $96 billion, and more people than ever using social media and mobile devices to connect, the cybercriminals have a lot of opportunities to spoil our fun. Using multiple devices provides the bad guys with more ways to access your valuable “digital assets,” such as personal information and files, especially if the devices are under-protected.
According to a McAfee global study commissioned by MSI International last year, consumers place an average value of $37,438 on the “digital assets” they own across multiple digital devices, yet more than a third lack protection across all of those devices.
So, as you head online this holiday season stay on guard and stay aware. Get familiar with our “12 Scams of Christmas” to ensure a safe and happy holiday season:
1) Social media scams—Many of us use social media sites to connect with family, friends, and co-workers over the holidays, and the cybercriminals know that this is a good place to catch you off guard because we’re all “friends,” right? Here are some ways that criminals will use these channels to obtain shopper’s gift money, identity or other personal information:
- Scammers use channels, like Facebook and Twitter, just like email and websites to scam consumers during the holidays. Be careful when liking Fan Pages, clicking on fake alerts from friends’ accounts that have been hacked, taking advantage of raffle’s, ads and deals that you get from “friends,” or installing suspicious “holiday deal” apps that give your private data away.
- Twitter ads and special discounts for popular gifts are especially popular, and utilize blind, shortened links, many of which could easily be malicious. Criminals are getting savvier with authentic-looking social ads and deals that take consumers to legitimate looking websites. In order to take advantage of the deals or contests, they ask them for personal information that can obtain a shopper’s credit card number, email address, phone number or home address.
2) Malicious Mobile Apps—As smartphone users we are app crazy, downloading over 25 billion apps[1] for Android devices alone! But as the popularity of applications have grown, so have the chances that you could download a malicious application designed to steal your information or even send out premium-rate text messages without your knowledge. Consider this: A recent study found that 33%[2] of apps ask for more information than they need, such as access to your contacts or location.
- TIP: So, if you unwrap a new smartphone this holiday season, make sure that you only download applications from official app stores and check other users’ reviews, as well as the app’s permission policies, before downloading. Software, such as McAfee Mobile Security, can also help protect you against dangerous apps.
3) Travel Scams—Many of us travel to visit family and friends over the holidays and begin our journey online looking for deals on airfare, hotels, and rental cars. But before you book, keep in mind that the scammers are looking to hook you with too-good-to-be-true deals. Phony travel webpages with beautiful pictures and rock-bottom prices are used to get you to hand over your financial details.
- Even when you’re already on the road you need to be careful. For example, the FBI recently warned travelers of a hotel Wi-Fi scam in which a malicious pop-up ad prompts computer users to install a popular software product before connecting to their hotel Wi-Fi.[3] If you agree to the installation, it downloads malware onto your machine.
- TIP: Remember to perform a security software update before traveling, to guard you against the latest scams.
4) Holiday Spam/Phishing— If you’re like most people, you’re probably familiar with spam emails containing questionable offers. But get ready, because soon many of these spam emails will take on holiday themes. Cheap Rolex watches and pharmaceuticals may be advertised as the “perfect gift” for that special someone. McAfee also expects to see an increase is holiday-themed phishing emails that try to trick you into revealing financial or personal details by posing as an offer from a legitimate business.
TIP: Remember never to respond to a spam email, or click on an included link.
5) The new iPad, iPhone 5, and other hot holiday gift scams—The kind of excitement and buzz surrounding Apple’s new iPad and iPhone 5 is just what cybercrooks dream of when they plot their scams. They will mention must-have holiday gifts in dangerous links, phony contests and phishing emails as a way to grab computer users’ attention. Once they’ve caught your eye, they can try to get you to reveal personal information or click on a dangerous link that could download malware onto your machine.
TIP: Be suspicious of any deal mentioning hot holiday gift items—especially at extremely low prices—and try to verify the offer with the retailer involved.
6) Skype Message Scare—People around the world will use Skype to connect with loved ones this holiday season, but they should be aware of a new Skype message scam that attempts to infect their machine, and even hold their files for ransom.
The threat appears as a Skype instant message with the scam line “Lol is this your new profile pic?”. If you click on the included link, a Trojan downloads onto your hard drive, blasts the dangerous link to all of your contacts, and can even try to extort money from some PC users to regain access to their files.
TIP: Never click on a suspicious link, even if it appears to come on from someone you know.
7) Bogus gift cards—Gift cards are probably the perfect choice for a lot of people on your holiday list, and given their popularity, cybercriminals can’t help but want to get in on the action by offering bogus gift cards online.
TIP: Be wary of buying gift cards from third parties; it’s best to buy from the official retailer. Just imagine how embarrassing it would be to find out that the gift card you gave your mother-in-law was fraudulent!
8) Holiday SMiShing — “SMiSishing” is phishing via text message. Just like with email phishing, the scammer tries to lure you into revealing information or performing an action you normally wouldn’t do by pretending to be a legitimate organization. Since many of us like to keep a close eye on our bank accounts during the holidays, be wary of SMiShing messages that appear to come from your bank, asking you to verify information or visit a phony webpage.
TIP: Remember that real banks won’t ask you to divulge personal information via text message. If you have any questions about your accounts, you should contact your bank directly.
9) Phony E-tailers–No matter what gift you’re looking for, chances are you can find it quickly and easily online, but you still want to be careful in selecting which site to shop. Phony e-commerce sites, that appear real, try to lure you into typing in your credit card number and other personal details, often by promoting great deals. But, after obtaining your money and information, you never receive the merchandise, and your personal information is put at risk.
- This is exactly what happened to customers of harbourelectronics.com, a copycat site of electronics repair store harborelectronics.net. It turns out that harbourelectronics.com was one of a host of the bogus e-commerce sites coming from the same IP address.
- TIP: That’s why it’s important to shop at trusted and well-known e-commerce sites. If you’re shopping on a site for the first time, check other users’ reviews and verify that the phone number listed on the site is legitimate.
10) Fake charities—This is one of the biggest scams of every holiday season. As we open up our hearts and wallets, the bad guys hope to get in on the giving by sending spam emails advertising fake charities. They may try to fool you into thinking that they are a real charity, such as the Red Cross, with a stolen logo and copycat text, or the charity may be entirely invented. For example, one man ran a bogus charity for the “U.S. Navy Veterans Association” and gathered $2 million from donors over five years![4]
- TIP: If you want to give, it’s always safer to visit the charity’s legitimate website, and do a little research about the charity before you donate.
11) Dangerous e-cards—E-Cards a popular way to send a quick “thank you” or holiday greeting, and there are plenty of free and paid e-card sites out there. And while most e-cards are safe, some are malicious and may contain spyware or viruses that download onto your computer once you click on the link to view the greeting.
- Others ask you to click on an attachment to view the card, and then download a Trojan onto your machine. That’s why you should look for clues that the e-card is legitimate.
- TIP: Make sure that the card comes from a well-known e-card site by checking the domain name of the included link. Also check to see that the sender is someone you actually know, and that there are no misspellings or other clues that the card is a fake.
12) Phony classifieds—Online classified sites may be a great place to look for holiday gifts and part-time jobs, but beware of phony offers that asked for too much personal information or ask you to wire funds via Western Union, since these are most likely scams. If you’re going to purchase an item or apply for a job, try to do it in person in a public place.
TIP: When purchasing an item, pay in cash and never agree to pay for an item before receiving it.
How to Protect Yourself Against Scams During the Holidays, and Year-Round:
1) Stay suspicious—Be wary of any offer that sounds too good to be true, and always look for telltale signs that an email or website may not be legitimate, such as low resolution images, misspellings, poor grammar, or odd links.
2) Practice safe surfing—Find out if a website is potentially dangerous before you click on it by using a safe search plug-in such as McAfee SiteAdvisor®. SiteAdvisor uses easy-to-read red, yellow, and green check marks to rate websites when you search for them.
3) Practice safe shopping—Stick to reputable e-commerce sites and look for a trustmark that indicates that the site has been verified as safe by a trusted third-party, like the McAfee SECURE™ mark. Also, look for a lock symbol and “https” at the beginning of the web address (as opposed to just “http”) to see if the site uses encryption to protect your data.
4) Use strong passwords— Make sure your passwords are at least eight characters long and contain a variety of letters, numbers and characters that don’t spell anything. Avoid using the same password for your important accounts, and never share your passwords with anyone.
5) Be careful when clicking—Don’t click on any links in messages from people you don’t know, and if you come across a shortened URL, use a URL expander to see where the link is directed to before you click.
6) Use a comprehensive computer security— You need complete protection that includes anti-virus, anti-spyware, anti-spam, and a firewall and make sure it is up to date. Online security and safety protection, such as McAfee All Access, can help protect all of your devices – PCs, Macs, smartphones and tablets – from holiday-related malware, phishing, spyware, and other common and emerging threats.
7) Educate yourself— Keep up-to-date on the latest scams and tricks cybercriminals use so you can avoid potential attacks. You can find helpful information on the McAfee Blog and the McAfee Advice Center.
[1] https://www.engadget.com/2012-09-26-google-play-hits-25-billion-app-downloads.html
[2] http://www.readwriteweb.com/mobile/2012/08/infographic-pay-attention-to-mobile-app-permissions.php
[3] https://www.fbi.gov/scams-and-safety/on-the-internet
[4] https://edition.cnn.com/2012/10/01/justice/ohio-fugitive-id/index.html