Featured On
Christmas phishing scams - Why are they so popular?
The festive season is upon us, bringing joy, warmth, and unfortunately, an increase in holiday scams designed to exploit the goodwill and online shopping frenzy. As you prepare for the festivities, it's crucial to be aware of common scams that could jeopardize your holiday cheer.
Did you know? Estimates suggest that 1 in 4 online shoppers may fall victim to shopping scams during the festive period.
Unfortunately, cyber criminals are out in force during this period, preying on the fact that online shopping activity increases in the lead-up to Christmas. Likewise, holiday deals on different brands and goods, as well as holiday travel deals, are also hugely popular at this time - as is the urgency that may lead to lax security as shoppers seek to make their Christmas preparations, while also scooping great value deals. In this blog post, we'll explore prevalent Christmas shopping scams and provide insights on how to avoid falling victim to them, with a special focus on the role of ReasonLabs in enhancing your online security.
1. Phishing Email Scams: Cyber Christmas Warning
Scammers often send phishing emails disguised as holiday promotions. Holiday e-cards are also becoming increasingly popular over the traditional snail mail versions, but unfortunately there may be fraudulent versions that have the potential to deliver malware to your device.
How to avoid falling victim to phishing email holiday scams:
- Avoid clicking on suspicious links.
- Check the sender’s email address to verify that it’s real.
- Use a reliable antivirus such as RAV Endpoint Protection to detect and block phishing attempts.
2. Fake Gift Christmas Scams: The Gift That Keeps on Taking
Beware of unsolicited gift card offers from unknown sources. You might come across an offer for an enticing gift card balance or a card sold at a significantly discounted price compared to its face value. However, clicking on the link provided in the email or text, supposedly to claim your gift card, may result in malware installation, the compromise of your personal data, or receiving a stolen card.
Gift-giving pyramid schemes are on the rise, with the Better Business Bureau (BBB) labeling these social media gift exchanges as ‘Secret Sister’ scams. In this scam, the thief sends an inviting phishing email, e-card, or social media message e.g. send just one gift and receive up to 36 gifts back. Unfortunately, not only will you lose your gift and not receive the others that were promised to you, but fraudsters will now have your personal information.
How to avoid gift phishing scams:
- Stick to reputable retailers
- Use Dark Web Monitoring to scan your email for data leaks
- Remember that gift exchange schemes online are almost always a scam - you are better off creating your own Secret Santa group with known friends and family!
Secure your privacy. Check cybercriminals don’t have access to your personal info.
3. Counterfeit Websites: The Grinch's Online Lair
Fraudsters create fake phishing websites with too-good-to-be-true deals on popular gift items, with the aim of tricking victims into sending payment, sharing credit card details, or collecting personal information. These could range from luxury goods to buy-in-bulk items, or Buy 1 Get One Free deals.
How to avoid shopping on counterfeit phishing sites:
- If the deal looks too good to be true - it probably is!
- Check for secure connections - a verified website should start with ‘https’.
- Identify and block malicious websites with the Online Security browser extension.
4. Social Media Scams: Christmas Elves or Online Trolls?
Scammers exploit the holiday buzz on social media platforms. Be cautious of fake giveaways and offers advertised on social media. The latest social media shopping scam involves fraudsters using TikTok and other social media platforms to pose as aggrieved ex-employees, ‘exposing’ steep discount codes from their previous employer — but with the discount code comes a high ‘shipping cost’, so before you know it you are much more out of pocket than you realize!
Scammers may also use hacked accounts to advertise steep discounts on luxury or in-demand goods — but the products either don’t arrive or are cheap knockoffs of what was advertised.
How to avoid social media Christmas scams:
- Don’t engage with strangers on social media who are trying to ruthlessly sell you something.
- Employ two-factor authentication (2FA) or multifactor-authentication (MFA) on all your social media accounts - this will protect your accounts from getting hacked and used for future fraudulent purposes.
- Use a browser extension like Online Security which can intercept malicious cookies and trackers that target you with hostile advertising, adding an extra layer of defense against social media scams.
5. Shipping and Delivery Scams: Holiday Season Predators
Fake shipping or delivery notifications are designed to trick users into revealing personal information. For example, fraudsters send fake delivery notifications claiming your packages are delayed, that extra payments are required, or that there are other issues that need your attention.
If you have been targeted by one of these types of scams, you may have been sent an email or text message that includes a link to click to “solve” the issue. But if you click it, you’ll be taken to a fake website that will steal your personal and payment information.
How to avoid fake delivery and shipping scams:
- Verify tracking details independently so you can track your package on the company or courier site.
- If an SMS or email seems suspicious, don’t engage with it - do not reply, and do not open any attachments.
- Use a cybersecurity product such as RAV Endpoint Protection to provide comprehensive defense across your PC and detect malicious emails and messages.
Secure your privacy. Check cybercriminals don’t have access to your personal info.
6. Charity Cons: 'Tis the Season to Give (Wisely)
Don’t let acts of kindness turn you into a victim! Be wary of scammers taking advantage of the holiday giving spirit. Criminals looking for financial gain may make fraudulent phone calls – possibly spoofing legitimate charities' phone numbers – or may set up fake charities to try to steal your money or personal information. They may even cleverly include added enticements in their charity pitches, such as end-of-the-year tax write-offs.
How to avoid goodwill charity Christmas scams:
- Check the legitimacy of charities before donating by researching who the charity is, and what they do. Crowd-funding websites such as GoFundMe campaigns are should be verified to ensure legitimacy, so make sure you do your homework.
- Verify the charity phone number is real. If plan to donate to charity by text, double-check the charity's official website to see if the number you have is legitimate. Also, verify the information provided in online solicitations, such as on social media platforms, before you donate or submit your credit card details.
- Utilize cybersecurity software such as Online Security’s URL blocker that protects against security threats from suspicious websites.
7. Seasonal Job Scams: Santa’s Helpers or Identity Theft?
Retailers hire thousands of temporary workers during the holidays. Before agreeing to work for anyone, watch out for job scams designed to collect your personal information, including Social Security numbers and bank account information.
How to avoid seasonal job scams:
- Verify the company or credentials of your prospective employer.
- Glassdoor offers potential employees the opportunity to read reviews before starting work allowing you to check that the job offer is real.
- Utilize two-factor authentication (2FA) or multifactor-authentication (MFA) on all account information so that even if a scammer gets hold of your details, they won’t get very far.
8. Wi-Fi Eavesdropping: Staying Cyber Safe
Public Wi-Fi networks can be breeding grounds for cyber attacks. If you are planning to do some Christmas shopping online, make sure you protect your online surfing activities from hackers who would love to steal your credentials once you’ve neutered your payment details.
How to protect against Wi-Fi hacking:
- Be cautious about logging on to unprotected networks.
- Be aware of notifications that warn you about logging on to particular websites or networks.
- Safeguard your online activities using a VPN such as RAV VPN.
Secure your privacy. Check cybercriminals don’t have access to your personal info.
9. Travel Scams: Holiday Cheer vs. Fake Deals
People often use the holiday period to take a trip - either somewhere warm to escape the freezing temperatures, or North on a Santa quest. However, scammers may try to take advantage of would-be travelers, with travel scams offering unrealistic deals. Travel phishing scams often use social engineering on spoofed travel websites to harvest private data.
How to avoid travel Christmas scams:
- Avoid too good to be true” deals. Use official travel sites rather than clicking on well-placed ads. If you can’t find the same deal, or at least a relatively similar one on the airline’s website (or on trustworthy third-party booking sites), it’s most likely a scam.
- Don’t give out personal information on the ‘follow-up call’. Part 2 of the travel scam often involves fraudsters calling to request additional information after you book a flight. They’ll request your flight information, credit card details, and more — all of which they can use for financial and identity theft.
- Use cybersecurity software such as Online Security browser extension to verify the legitimacy of travel websites and emails.
10. Crypto Gift Card Scams: Cutting-Edge or Risky?
You may have decided this is the year to break away from the traditional gift card and opt for something cutting-edge. However, if you do decide to go down the cryptocurrency route, proceed with caution: These scams often target individuals who may not be familiar with cryptocurrencies or those who are looking for quick ways to invest or make money.
How to recognize a crypto gift card scam:
- Scammers will impersonate trusted entities, such as customer support from popular cryptocurrency platforms, government agencies, or tech support services. They will then use urgent language to pressure you into parting with the gift card details. Don’t feel threatened - you are entitled to take the time to verify that someone is who they say they are.
- If you suspect a crypto card scam, report it to the relevant authorities.
- Educate yourself on scam awareness. Visit the ReasonLabs site for more information on recognizing different online scams.
11. Letter from Santa Scam: A Warning to Parents!
A handwritten letter from Santa to your child may seem like a great creative gift idea but in the past, these gift ideas have been hijacked to become yet another Christmas scam. The offer will usually take you to a website that can appear legitimate, where you can customize your letter from Santa Claus. However, unsuspecting parents who purchase the item and enter their credit card information may find themselves unwitting victims of identity theft. The threat actors may even have procured your child’s name and address, which is also extremely worrying.
How to avoid the ‘Letter from Santa’ scam:
- Verify the website: Make sure the website has real contact information. If something goes wrong with your order, you need to be able to contact the business at a physical address. When in doubt, confirm that the address and phone number are real.
- Do your research: Check previous customer reviews to verify that the company is genuine.
- Use security software that can detect threats and malicious websites, such as Online Security browser extension .
12. Toy Scams: Santa's Not-So-Trustworthy Helpers
In their desperation to get their child that sought-after popular ‘toy of the year 2023’ parents may forget to stay as vigilant as they should. Scammers are great at preying on desperate people - they can create fake websites that claim to sell in-demand toys, but either never ship you the product, or send a cheap imitation knock-off instead.
How to avoid Christmas toy scams:
- Only purchase toys from reputable retailers.
- Don't be fooled by a ‘great deal’ - super-low prices are often the biggest red flags!
- Use Online Security browser extension to scan websites for potential scams.
As you celebrate the season of giving, don't let cyber scrooges dampen your holiday spirit. Stay vigilant, employ the best cybersecurity practices, and let the full ReasonLabs Cybersecurity suite be your digital guardian against the 12 scams of Christmas. Wishing you a safe and joyous holiday season! For more information on all ReasonLabs products and services, visit www.reasonlabs.com.
Secure your privacy. Check cybercriminals don’t have access to your personal info.