The holidays are a time for cheer, family and friends, and gift giving — and unfortunately, cybercrime. While people are busy decking the halls and preparing their holiday feasts, cybercriminals are also hard at work coming up with new ways to scam people out of their sensitive data and hard-earned money.
In this blog post, we’ll discuss five common holiday-themed cyberthreats to watch out for and how you can defend against them.
1. Fake eCommerce sites
During the holidays, many people go online to purchase gifts and decorations. Cybercriminals pounce on this opportunity by setting up sites that look like legitimate online stores but are actually designed to steal people’s credit card and personal information. Some even create spoofed versions of popular eCommerce sites like Amazon.
So if you’re planning on doing any online shopping, do prior research to ensure the site you’re using is legitimate. Here are some things to look for:
- The site’s URL should start with “HTTPS” and not just “HTTP.”
- There should be a padlock icon next to the URL in your browser.
- There’s contact information, such as a phone number or an email address, listed somewhere on the site.
- The site has been around for a long time. You can find out how long a website’s existed by doing a Whois search.
If you’re unsure about a site, err on the side of caution and find another, legitimate site to make your purchase.
2. Phishing emails
Posing as a legitimate individual or company like a bank or retailer, cybercriminals send out emails to trick people into giving up sensitive information. These phishing emails usually contain a malicious link that takes victims to a site that asks for their personal information, such as login credentials and Social Security numbers.
Holiday phishing emails usually adopt the following themes:
- Fake online purchase – Victims receive an email purportedly from Amazon or another eCommerce company confirming their order.
- Bogus delivery updates – Cybercriminals pretend to be from FedEx or UPS and send emails notifying victims of a delayed shipment or failed delivery attempt.
- Fraudulent holiday travel promotions – Posing as a travel agency or hotel, cybercriminals send emails offering attractive holiday vacation packages.
Whenever you receive any unsolicited email, even from a company you do business with, don’t click on any links it may contain. Hover your mouse over the links first to see where they’re actually taking you. Better yet, get in touch with the supposed sender using their official contact details — not the ones found in the email — to verify if they sent that email.
Related reading: Spectrumwise’s ultimate guide to email security
3. Malicious holiday-themed websites
Cybercriminals create legitimate-looking holiday-themed websites, such as those that contain holiday gift guides or generate eCards, to collect people’s personal information.
To avoid becoming a victim, it’s best to visit only websites that you trust. If you’re not sure if a website is legitimate, do a quick Google search to see if there are any reports of it being a scam.
4. Bogus holiday job posts
Scammers post fake listings for seasonal jobs, such as working as a Christmas elf or Santa Claus at a local mall. These listings often require people to provide sensitive information, such as their birth date, address, and Social Security number, in order to apply.
To stay safe when looking for a seasonal job, stick to well-known job sites like Indeed or Monster.
5. Fake charities or donation drives
During the holiday season, many scammers set up fake websites or social media pages where they solicit donations. So before making a donation, check the organization’s legitimacy first on websites like Charity Navigator and GiveWell.
Also, visit the charity’s official website to find out how they will use the donations they receive. If you can’t find that information, it’s likely a scam.
What’s more, when donating online, use a credit card instead of a debit card. This way, you can ask for a reversal of charges if the charity turns out to be a fraud.
SpectrumWise’s cybersecurity services can keep your business safe from all types of online threats. Schedule a FREE consultation with our IT security experts today.
