You Better Watch out Because These 8 Cyber Scams are Coming to Town
You better watch out. Be careful when you buy. Better check your accounts. I’m telling you why…cyber scams are coming to town!
According to McAfee, a well-known cybersecurity company, most Americans intend to do their holiday shopping online this year, which makes sense because online shopping is convenient and timely. But it also opens you up to a host of cyber scams. Cyber safety product seller, Norton, conducted a survey that revealed that 50 percent of people who were targeted by a cyber scheme attempt, fell victim to it. Fifty percent. That’s a pretty significant percentage, and if your members are planning to do the majority of their shopping online this year, they could just as easily become a part of that statistic. Now, you may be wondering…Mike, how do I protect my members from falling victim? And to that I answer…educate them. Keep reading, and I’ll walk you through the eight most common cyber schemes that occur during the holidays.
Eight Common Cyber Schemes During the Holidays
Charity Schemes. Giving back to others is in our DNA as credit unions. After all, “people helping people” is our movement’s philosophy. Even those who don’t normally give or volunteer typically feel extra generous around the holiday season. However, this can backfire. From fake GoFundMe’s to bogus charitable organizations, there are a plethora of charity schemes out there during this season. Be careful about giving money to people you don’t know, and even if you do know them, be careful about sending them money over websites like GoFundMe until you confirm with them that it’s a legitimate request. If you’re giving to a charitable organization, double check that it is registered on CharityNavigator.org before donating to them. It’s also best practice to double check that you have the correct web address for the charity, as there are some schemes where the charity is real, but the web address isn’t.
Delivery Notification Schemes. Have you received one of those text messages or emails from Amazon, FedEx or UPS stating that there was a failed delivery for your package and you have to click on a link to reschedule the delivery? That’s a scam. After you click on that link, they’ll probably ask you for your sensitive information, which will go right into the hands of a bad actor. It’s always best practice to check directly on Amazon’s website/app or on the FedEx and UPS website.
Freebies. Everyone loves a good freebie, but most of the time, they come with a high price tag. This price tag could come in the form of your banking information or other sensitive data. So, if you see giveaways like free iPhones, free cars or free houses, that’s a sure-fire sign that it’s a scam. Any type of luxury item or even smaller items like music or wallpapers or anything of that sort that is given away for free, is likely to be a scam. It’s important to be vigilant and stop to think before you click on any links or agree to send “shipping fees” for your “free items.”
Gift Card Schemes. When it comes to gift cards, you should never use them to pay fees, taxes or any other types of payments. You should only use a gift card as a gift for someone. Gift card schemes usually start as a phone call or an email from someone impersonating someone else. This can happen in a couple of different ways.
- A bad actor will call or text the victim pretending to be a love interest, friend or family member in trouble. In order to help them, they’ll request that the victim go to the store, buy a gift card of a certain value and then provide the bad actor with the gift card’s number.
- A bad actor will call, text or email a victim impersonating a bill collector or a government employee. They’ll tell the victim that they owe taxes or fees that need to be paid or else the victim’s bank account will be frozen or the victim will be in trouble with the law. In order to pay these taxes or fees, the bad actor will tell the victim to purchase a gift card of a certain value and then provide the bad actor with the gift card’s information.
In both of these scenarios, the victim could be losing hundreds of dollars to these bad actors. Again, gift cards should never be used for anything other than giving as a gift. So, when cousin Johnny calls saying he needs you to send him money for a hotel room for the night, hang up and call cousin Johnny by a number you know is legitimate before running off to the store to buy a gift card. And always remember, the federal government is never going to call, email or text you about taxes you owe. They’ll send you a legitimate letter in the mail.
Holiday Jobs. Most people are looking for a little extra income this time of year, so part-time holiday jobs are appealing. It’s important to watch out for these though. If a job is posted on social media or even a job site offering $65 an hour to pack and mail products from your house two days a week, it’s a scam. Typically, these places will ask for your banking information, social security number or other sensitive information. They may even ask you to send them money first, so they can “send you the supplies for the job.” You can also tell if a job is a scam by how the hiring process takes place. If you’re conducting an interview over chat, it’s probably a scam. If you’re hired on the spot after only being asked a few questions, it’s probably a scam. Be extremely cautious when applying for and accepting holiday jobs this season.
Phishing Emails. Unfortunately, this one never seems to go away, even during the holidays. In fact, phishing emails can get even worse during the holiday season because bad actors know it’s a busy time of year for most people. The holidays fly by, and we get so caught up in the shopping, giving, spending time with family and friends, etc. that we don’t always slow down and think twice. And that’s what a bad actor utilizing a phishing email is counting on. They don’t want you to stop and think. They want you to click on a “great deal” or see why your card was “recently declined.” It’s always important to slow down and double check the grammar, spelling, etc. of an email, but it’s especially important this time of year.
Stolen Packages. As I’ve mentioned before, online shopping is convenient, and with online shopping, comes deliveries. A lot of us get multiple packages throughout the holiday season, and if you’re not at home when the packages arrive, you could find yourself vulnerable to porch pirates, or people who still packages from porches. While this is a difficult scam to prevent, there are a couple of ways that you can try to protect yourself from porch pirates. USPS has a tracking service where you can track your packages from the start of their journey to the end. This can’t prevent people from taking packages from your porch, but it can let you know when your packages are delivered so that you can get to them sooner. Another option is to invest in a parcel drop box or an anti-theft box. These boxes allow your packages to be delivered to a safe place that is locked and protected from other people. Only those with the key and/or combination to the box will be able to retrieve the package once it is delivered.
Traveling/Rental Schemes. Getting away for the holidays seems like a great idea until you fall victim to a traveling or rental scam. These schemes typically happen when there is a fake advertisement for cheap flights or cheap rentals. For example, you may see a beautiful vacation rental at a price that seems like a steal of a deal. You may even contact the “owner” and pay the deposit or payment for the vacation rental, and it’ll all seem seamless and simple until it’s time for you to gain access to it. At this point, you’ll find out that the “owner” wasn’t the owner at all; they were a bad actor and you fell for a rental scheme. If it seems too good to be true, it probably is. Make sure when you’re booking your traveling arrangements that you do so through a reputable site like the official airline website or sites like Expedia, Booking.com, etc. Also, if you’re booking an Airbnb, make sure to submit the payment via the app so that it’s trackable. Once you move off the app and move to some other area to submit your payment, it may become untraceable.
Now, it might be cold outside, but these eight schemes are definitely heating up, and they don’t show signs of stopping. Make sure to educate your members about these potential holiday scams before they fall victim to them.
In addition, the U.S. Department of the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) issued a Cyber Crime Advisory Report that you can share with your members too. In this report, they provided tips on how to stay safe during the holiday shopping season. The OCCIP also sent out a press release where they noted that with the rise of artificial intelligence (AI), bad actors are able to learn and quickly adapt in order to carry out more sophisticated phishing attempts.
I hope you’ve found all of this information useful, and I hope you share it with your members so that they can protect themselves. Because while the holiday season is full of love and laughter…it’s also full of cyber scams.
Happy holidays!
Mike Bechtel is an information security engineer for Vizo Financial Corporate Credit Union. As such, he provides incident response planning services, information security risk assessments, security awareness training, social engineering and vulnerability testing and reporting and information security-related consulting services to credit unions.