The 12 scams of Christmas

1. Charity phishing scamsMany popular charitable organisations encourage you to think of others during the holiday season through emails asking for year-end donations. In fact, according to McAfee’s recent holiday survey, almost 30 per cent of US consumers plan to donate online this year.  Unfortunately, hackers also know you’re in the giving spirit during the holidays and prey on their generosity through fake charity phishing emails.  Here’s how it works: The hackers send fictional emails that appear to be from well known charitable organisations, such as the Red Cross, the Salvation Army, and Oxfam, that direct consumers to fake websites designed to steal their money. The websites are generally very professional with a fairly high amount of graphical content and a good amount of verbiage designed to make the reader feel upset or guilty. Sometimes the layout and content of these fraudulent sites are copied directly from legitimate charity sites with simply a name and a logo changed. Don’t ever click on a link sent in email. And if you want to donate, go straight to the charity’s website. 2. Email banking scamsThe current economic climate is not only forcing more than 95 per cent of us to spend less money and buy fewer holiday gifts this season, but prompting hackers to take advantage of our bank account balance concerns to bah-humbug the holidays with another common phishing scam.  Financial institutions are the most common phishing scam targets. According to the Anti-Phishing Working Group, during the first quarter of 2008, 92 per cent to 94 per cent of all phish scams were financial-services related. With these scams, the bad guys send an official-looking email that asks consumers to confirm account information, including their user name and password. These emails often try to fool consumers into thinking that if they don’t comply with the instructions, their account will become invalid.   So remember, call your bank by telephone if you’re concerned about your account. Never give your account details out as a result of an email request or you could fall victim to a popular phish scam designed to empty your wallet. And with the stress of the holidays, your guard might just be down enough that you fall for one of these scams.  3. Holiday e-cards. Most people never consider the dangers of e-cards – but unfortunately, there are plenty of dangers, especially during the holiday season. For example, a scam that was popular in 2007, was a New Year’s e-card that included a nasty surprise. When the consumer clicked on the link, they were brought to a malicious Web site that attempted to download Trojan software.

A few clues that an e-card is not legit are spelling mistakes, errors in the message, unknown senders or senders with bogus names and odd-looking URLS. Remember – if in any doubt about the legitimacy of an e-card, don’t open it. Never click on anything from an unknown source.   4. Fake invoices. During the holidays, lots of friends and families order and send gifts online. This is no secret to stealthy Scrooges who try to trick consumers into giving away personal financial details through fraud invoices.  The bad guys create a fake invoice or waybill and send it via email as an attachment. Once the consumer opens the email attachment, the recipient may be asked to confirm or cancel an order, they may be told that the parcel service was unable to deliver a package due to having an incorrect address, or the recipient may receive a customs notification about an international package.  In every instance, the email either asks the consumer for their credit card details so that their account can be credited or requires the recipient to open an invoice or customs form to receive the package.

Pretty tricky, huh? This kind of scam has been played on many consumers who believed they were receiving emails from FedEx, UPS or the US Customs Service but instead were delivered a deadly Trojan program or other threat that can lead to identity theft or hacker control of a computer.

To protect yourself, never give your financial details over email to an unknown recipient or open a suspicious attachment. If you want to ensure you are reaching shipping sites like FedEx or UPS, open a browser and directly access the Web site. Also, ensure that your Internet security software is up to date to help spot Trojans and other forms of malware if you have opened a bad attachment. 5. You’ve got a new friend! As the joy of the holiday season brings people together and reignites old friendships, many of us are excited when alerted with a message that says, “You’ve got a new friend!” when using popular social networking sites. Sadly, in some cases, after clicking on the notice, you NOT only do not have a new friend—you have downloaded malicious software that you can’t even detect. Of course, it’s designed to steal personal and financial information. Stay away from “friends” you don’t know. 6. Dangerous holiday-related search terms. We love Santa too, but when clicking on the results of a “free Santa download”  search, in addition to the Christmas-themed screensavers, puzzles, and pictures you find, you also could be clicking on adware, potentially unwanted downloads, and spyware.  In fact, McAfee’s found that all of the following holiday-related search terms are risky: > Free Santa holiday screensaver > Free holiday screensaver> Free Christmas screensaver> Free holiday downloads> Christmas tree download> Free Christmas wallpaper> Santa wallpaper> Santa screensaver> Santa ringtones> Santa mail download> Santa download> Free Santa music downloads  7. Coffee shop cybercriminal. While everyone enjoys a warm gingerbread latte while surfing the net at their local coffee shop, most are not aware of the dangers in surfing on unsecured networks. Attackers can jump on an unsecured wireless internet connection with a program called a packet sniffer to see what web sites users are visiting, the passwords they are using, and what bank accounts they are accessing.   Also, an attacker might set up a rogue wireless access point nearby a coffeehouse. If somebody unwittingly connects to the attacker’s network, the miscreant can watch just about everything that goes on while that connection is in use and can redirect traffic, sending the unknowing user to the dark alleys of the internet.  Make sure you have updated security software including a firewall, that you’ve updated the patches on your system—and most importantly,  check bank accounts and shop online from a known, secure wireless Internet connection.  8. Password stealers. The McAfee holiday shopping survey found that 53 per cent of consumers admit they use the same password for multiple web sites or online services. You need to know that free and low-cost tools exist that make it easy for bad guys to guess passwords and hack into users’ PCs. That’s a holiday visit no one wants.  Attackers go after passwords for banks and e-commerce sites, multi-player online role playing games, instant messaging and finally, social networking sites.  As tricky as getting malware that’s delivered invisibly via spam, consumers could get a password stealer downloaded to their PC without even knowing it.  By using the same password, an attacker only has to nab one password to hit all of a user’s accounts. So this holiday season, be sure you use have an updated comprehensive security software suite to help prevent access to password-stealing malware. This includes anti-virus, anti-spyware and a two-way firewall. Remember to check to make sure your subscription software is current – and not just trial software that might be expired.  In addition, create complex passwords such as: $aNt@IsRe@l

Picture source

Share this story

Close
Menu
Send this to a friend