Businesses and consumers are preparing for the holiday shopping and gift-giving rush. Prices are falling, but cybersecurity hygiene is also falling. As inboxes fill with markdowns, opportunistic cybercriminals ramp up their holiday frauds. This post discusses why seasonal retail is targeted by cybercriminals, five holiday season scams, and what businesses and buyers can do to protect themselves.
The Attack on Seasonal Retail
From late November to the end of the year, shoppers worldwide spend billions on holiday deals and charity donations. In early 2020, the COVID-19 epidemic sparked a spike in online buying. Retail executives forecast at least single-digit growth in online holiday shopping traffic.
Cyber threat actors anticipate shoppers will fall for fraudulent behavior in the rush to get the greatest deals on limited-availability commodities. Scammers employ fake discount programs, phony websites, and even charity to steal buyers’ personal and financial information.
Here are five ways holiday threat actors exploit consumers and businesses.
1. Malicious Links and Fake Ads
This time of year, scammers target shoppers looking for the best deals and package promotions to stretch their dollars. Scammers advertise rare and expensive products at exorbitant costs. They promise great discounts just while supplies last or for a short time to get shoppers to click.
To improve clickability, scammers utilize the same marketing methods as real ads to deceive customers who are already moving faster than usual and may be less cautious. Unsuspecting victims are taken to fake sale sites with credit card skimmers when they click the link.
Staying Safe:
- Shoppers can avoid bogus ads and malicious links by checking the advertised product. An offer too good to be true? Check the brand’s official website to see if their product pages have the same sale prices.
- Don’t trust ad photos. Pixelated photographs are a red flag, but scammers also steal photos from brand websites.
- If a sale site seems suspicious, check for spelling and linguistic errors. Confirm that the website has detailed shipping, returns, customer support, and privacy policies. The company’s collection, use, and protection of personal and transactional data should be covered in a privacy policy.
- Check the site’s URL for “https” and a closed lock or unbroken key emblem to see if it’s trustworthy. Site data is encrypted using these icons.
2. Coupon Code Apps and Fake Discounts
Scammers will do anything to get critical information. They also create bogus apps that promise to search for and consolidate popular brand coupons and discount codes. Unofficial app repositories distribute these bogus programs to infect customers’ devices with malware, steal payment information, and access social networking and online banking accounts.
Staying Safe:
- If a firm name is unfamiliar, check community reviews and app age. Most scam apps are new.
- The app’s developer should be researched by shoppers. How easy is it to identify the developer? Leave if it’s unclear who they are and where they trade.
- Check an application or questionable file’s reputation using a security product or public malware checking website. But don’t upload private files—they’re shared openly!
3. Holiday Phishing and Email Scams
Sometimes a simple email with a brilliant subject line is enough to catch the fish. Cyber risks actors hide in big brand emails to commit phishing attacks around the holidays. Scammers impersonate popular brands’ holiday emails and offer low prices. The links take shoppers to fraudulent websites that drop spyware or steal login details.
Holiday email scams may send buyers invoices for products they didn’t buy in addition to special presents, bundle pricing, and coupons. Emails like this contain false links to “report an issue” or contact customer service. The crooks believe furious shoppers would click the links thinking they can dispute the invoice.
Staying Safe:
- Use reliable security software to block malware and phishing frauds.
- Update your device’s operating system and use multi-factor authentication.
- Before clicking on links in emails, check them. Scammers typically utilize URLs that seem like authentic ones, replacing letters and spacing with numbers and punctuation or utilizing unusual domains.
- Shoppers should also check that their browser settings disclose full website addresses by default and that their privacy and security settings are set correctly.
4. Scam charities
Threat actors are ready to capitalize on the holiday season’s generosity. Scammers take advantage of people’s kindness during this time of year by spoofing charity phone numbers and impersonating agents to ask for donations. Some cyber scammers use SMS messages, target people on social media, or use a computerized auto dialer to deliver pre-recorded messages.
Staying Safe:
- Avoid these solicitations online, via phone, or in person. The safest approach to donate to a charity is to contact them directly or donate through their website.
- Always use a credit card and make sure the websites have strong payment protection.
5. Fake Seasonal Work Offers
Before the holidays, companies hire. For years, consumers have trusted renowned companies, but they may apply for part-time, seasonal jobs and offer their personal information to a fraudster. These scammers pose as HR professionals, recruiters, and even senior managers of actual firms and post help-wanted advertising via email or social media.
Most available positions require applicants to fill out forms with personal information including address, tax information, social security number, work permit information, and more. If the ad isn’t phishing, candidates may be sent to fake sites that collect email addresses and passwords or ask for upfront payment for job supplies and training.
Staying Safe:
- Research the company’s website and channels before applying for a holiday job. Find the official job ad on their Careers main page and verify the role specifics.
- Be wary of jobs with imprecise qualifications, large wages, or promises to “earn money fast.” Another red indicator is being offered a job without an interview.
- Only give personal information connected to the application process after meeting with a corporate HR representative in person or online.
Cybersecurity is Needed Especially During Holidays
We’ve covered numerous classic holiday scams that consumers encounter, but companies must also protect themselves and their customers from cyber dangers. When threat actors are more active around the holidays, firms may be understaffed and overworked. Businesses should expect more malware campaigns, ransomware, DDoS assaults, and data loss during the holidays. Better cybersecurity can protect businesses and customers from Christmas scams as digital transactions rise throughout the holidays.
Keep up your internet hygiene and be aware of deals that appear too good to be true while shopping. Good internet habits like keeping personal information and payment data private and double-checking site, link, and app legitimacy can save buyers from much anguish during what should be a pleasant season. Local businesses may safeguard themselves and their customers from payment data and identity theft. A Plus Computer can help you protect your business and valuables 24/7.
