The holiday season means overeating, overspending, and if you’re not careful… oversharing financial information with cyber criminals.
With the holiday season right around the corner, retailers across the country are ramping up their advertising efforts for the busiest shopping season of the year. Given that consumers have spent nearly $18 billion online on Black Friday alone the last two years, the holiday shopping season is one of the most lucrative times of the year for retailers.
But retailers aren’t the only ones chasing holiday spending revenue.
The shopping season is also one of the busiest times for cyber criminals, who view the holiday season as a prime opportunity to cash in on consumers who let their guard down due to increased holiday stress and shopping volume.
While scams may be wrapped differently, here are some of the top cyber threats to watch out for this holiday season.
The Amazing Deal
If a deal seems “too good to be true,” it’s usually a tell-tale warning sign of a scam, but this old adage may not ring true during the holiday season when consumers are expecting large sales and discounts in line with Black Friday and Cyber Monday specials.
A 75” flat screen television for $100? A $500 recliner for $50?
Under normal circumstances, nobody in their right mind would think that was a real deal, but on Black Friday or Cyber Monday, consumers may see this as a legitimate deal versus an obvious scam.
This is the exact mentality threat actors prey on to get consumers to click their way to fraudulent websites and provide personal and sensitive financial information.
Pro Tip: During and after the holiday sale season, be skeptical of all deals and don’t let your guard down even if you’re on a well-known retailer’s website shopping for toys for your kids. Turbo Man isn’t worth having your credit card information stolen.
Shipping and Payment Scams
One of the fastest growing scams in recent years involves fraudulent communications regarding shipping or payment issues. Scammers simply send a text or email or pick up the phone to notify their target that a recent purchase has been declined or there is a shipping issue on a recent purchase.
In many cases, scammers imitate large retailers like Amazon or FedEx with the hope their target recently ordered something online or made a shipment, both of which are extremely likely during the holiday season.
Scammers will offer to remediate the issue, which normally involves the target providing credit card information or clicking on a link to an imposter website loaded with malware.
The good news is, for people who remain vigilant, these scams are fairly easy to spot. The following list highlights some of the more frequent tactical mistakes and common warning signs to be aware of:
- Unexpected and urgent requests for money in return for delivery of a package
- Requests for personal and/or financial information
- Links to misspelled or slightly altered website addresses, such as “fedx.com” or “fed-ex.com”
- Spelling and grammatical errors or excessive use of capitalization and exclamation points
- Certificate errors or lack of online security protocols for sensitive activities
Pro Tip: Avoid clicking on any links or providing information to unsolicited communications, and remember, you can always review your receipts for tracking numbers or contact the retailer directly if you have concerns over payment or shipping status.
Imposter Charities
The holiday season is also a season of giving, with many charitable organizations receiving an influx of donations during November and December.
In fact, the Tuesday after Thanksgiving is now recognized as Giving Tuesday, which began in 2012 to promote philanthropic giving during the busy retail season.
Unfortunately, but not surprisingly, scammers have used the spirit of giving as an opportunity to pad their pockets through the creation of fraudulent charities.
Whether they are imitating a well-known charitable organization or fabricating one like “The Human Fund,” the concept is simple… ask for monetary donations and keep all the money. In recent years, these imposter charities have asked for cryptocurrency or worse, stolen financial information by imitating legitimate online donation portals.
If you are interested in donating this holiday season, the Federal Trade Commission offers consumer guidance on how to give to charity securely in this article.
Pro Tip: Be wary of charitable requests that sound urgent, contain links or send you to websites requesting financial information.
Social Media Scams
Another popular holiday shopping trend is Small Business Saturday, which promotes supporting small businesses in local communities.
With a growing number of small businesses using social media as an extension of their ecommerce ecosystem, it is no surprise that social media scams are common during the holiday season.
In addition to ecommerce, social media is filled with advertisements from national retailers and primary channel crowdsourced fundraisers, such as GoFundMe.
As easy as it is for a legitimate business to post advertisements and host an online store with secure payment options, it is just as easy for scammers to use the same functionality.
Pro Tip: Be wary of clicking on social media advertisements or providing payment information to unverified online shops.
Malicious Websites
One of the common cornerstones of all the above mentioned scams is a malicious website.
Some of these websites imitate authentic websites with the intent of tricking the target into providing financial and other private information. In other occasions, these websites are designed to install malware to breach connected devices, which are usually accessed when someone clicks on a phishing email, text or an advertisement.
While there are typically red flags that would indicate that you are on a malicious website such as typos, disproportionate logos or bogus URLs, scammers are relying on the notion that you’ll be too busy to think before you act this holiday shopping season. If there is a hot item that is sold out at large retailers or you clicked on an ad from another site, chances are you may overlook something you would have noticed under normal circumstances.
There are several free online tools that can help verify websites, including Google’s Transparency Report Tool.
Pro Tip: Verify that you are on a secure website by looking for https:// and a padlock icon in the address bar.
Whether you are shopping on Black Friday, Small Business Saturday or Cyber Monday or donating on Giving Tuesday, we hope our article helps you and your network do so more securely.
CISA Holiday Cybersecurity Resources
- CISA Shop Safely Home Page
- CISA Online Holiday Safety Tip Sheets
- CISA Holiday Scams and Cyber Threats Press Release
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of expert practitioners offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.
To learn more, visit our dedicated Cybersecurity page or contact the team at [email protected].
Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity.
