
Top 6 Holiday Scams

December 06, 2022

5 Minutes


Although the holidays bring a sense of cheer and warmth to many, the spike in holiday scams means that cybercriminals are also looking to make the most of this season. From emails loaded with malware to seemingly innocuous social media posts, the ways in which these cons are conducted are many.

“The fact is these scammers become more and more sophisticated, and they have very complex, behind-the-scenes ways of trying to trick you.” -Mary O’Sullivan-Andersen, Better Business Bureau

Since organizations’ networks can also be jeopardized when an employee accidentally discloses credentials or clicks malicious links on a company device, we invite you to share these top holiday scams with your staff. Raising awareness could make the difference between a safe network and a data breach.

If you’d first like to learn the best ways to avoid these scams, check out the blog 7 Tips to Avoid Holiday Scams for Businesses. 

1. Phishing Emails 

Phishing is one of the most common holiday scams. It is the second most common way cybercriminals breach organizations’ networks, just below stolen or compromised credentials.

With phishing, a bad actor poses as a trusted or authority figure and sends an email to their target, requesting them to provide valuable information—like credit card numbers or company data—or money. 

Phishing emails can also contain malicious files or links. They often convey a sense of urgency to lure the victim into clicking these links. They can be used to request credentials, which are later used by the cybercriminal to access the victim’s network, block access to accounts, and even escalate their privileges once inside the system. 

As you can see in the example below, the scammer is trying to pose as a business to get the receiver to either click a link or reply to continue the scam.  Their email address is a personal email address and not one given by a business.

[Image: example phishing email]

To avoid a phishing scam this holiday season, be on the lookout for these red flags: 

  • The email has a sense of urgency
  • You were not expecting this message 
  • Grammar errors appear in the subject or body of the email 
  • Links leading to an unexpected URL 
  • The sender asks you for private information

Below, enjoy our holiday-themed animated video of a hacker attempting to use phishing to steal data. DOT Security wishes you secure holidays!

Related Infographic: Avoiding Phishing Scams: 6 Things to Look Out For! 

2. Lookalike Websites 

Links shared on social media or through email may lead to fake websites made by scammers to look like the legitimate business they are trying to copy. These pages are designed to trick users into “downloading malware, making dead-end purchases, and sharing private information,” the Better Business Bureau warns.

These websites are created during the holiday season since malicious actors know people are looking for deals, end-of-year sales, or presents for their families. See below a fake website made to look like the home page of popular children’s video game, Minecraft. 

[Image: The official Minecraft URL compared to a fake URL.]

As you can see, the scammers worked hard to make the page look like an official page. However, the URL is different than the actual Minecraft website’s. Unsuspecting parents or children could click its links and unknowingly download malware or pay for a nonexistent game. 

3. Fraudulent Alerts 

The Better Business Bureau (BBB) reports an increase in scams claiming users’ accounts—such as their streaming service, online shopping, or bank accounts—have been compromised.  

These alerts can come through email, text, or phone calls. The BBB warns consumers to be wary of unsolicited notifications.  

A fraudulent account alert may tell a user there is suspicious activity in their bank account, for example, or say that a transaction has been completed, or inform them that their account has been blocked and they need to log in again. 

As you can see, all of these are crafted to make the victim want to click links or reply to texts. However, staying alert and inspecting the URLs, sender information, and content when you get unexpected messages can help you avoid this scam. 

Related Blog: 5 Common Cybersecurity Mistakes 

4. Malicious Holiday Apps 

If you look in your phone’s app store, you will notice many new holiday apps: apps that let kids send a message to Santa, create a Christmas tree, or build a snowman, and apps where people can decorate their holiday photos or videos.

Of course, not all of these apps are malicious, but in an age where users seldom read privacy policies, scammers can take advantage of this and take more information from people than is needed. Some of these apps may even contain malware, the BBB reports. 

Before downloading any app during the holidays—and at any other time of the year—check to see if the manufacturer is legitimate, look over user reviews to see if any incidents have occurred, and take extra time to read the privacy policy. 

5. Fake Crypto Investments 

People looking to invest their money in cryptocurrency should be aware of the rise in fake websites that claim to trade this type of currency.

A Reddit user warned others not to conduct any transactions on a crypto investment site he attempted to trade on while he was in a hurry. The victim accidentally typed the wrong URL and landed on a website that was almost identical to the legitimate cryptocurrency trading page, except for one missing letter.

[Image: A lookalike website made to look like an official crypto trading page has the wrong URL.]

When it comes to investments, you should always double-check that you are using the intended platform. Find out whether the company you are looking to invest with is legitimate by using an online tool, such as this one by Creditsafe.
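The lookalike-URL problem described here and in the Lookalike Websites section can be checked mechanically. The following is an added example, not part of the original post: it compares a link's hostname against a short allowlist and flags near misses such as a dropped letter. It goes slightly beyond the cases in the text by also flagging a trusted name used as a subdomain of another domain. The allowlist entries, the `example-exchange.com` name, and the distance threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains the user actually means to visit.
KNOWN_GOOD = ("minecraft.net", "example-exchange.com")


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def hostname(url):
    """Lower-cased host of a URL, tolerating a missing scheme and a www. prefix."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def classify(url, known=KNOWN_GOOD, max_distance=2):
    """Return (verdict, matched_domain): trusted, lookalike, unknown or invalid."""
    host = hostname(url)
    if not host:
        return ("invalid", None)
    for good in known:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    # Naive "registered domain": the last two labels. A real tool would use
    # the Public Suffix List to handle suffixes such as .co.uk.
    tail = ".".join(host.split(".")[-2:])
    for good in known:
        # A trusted name used as a leading subdomain of someone else's domain.
        if host.startswith(good + "."):
            return ("lookalike", good)
        # A near miss: a dropped, added or swapped character.
        if edit_distance(tail, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)
```

A verdict of `unknown` only means the host is not close to anything on the allowlist; it is not a statement that the site is safe.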

Related Blog: Notable Recent Data Breaches in 2022 

6. Phony Social Media Ads 

Scammers are also looking for victims on social media platforms. On your feed you may see items for sale or holiday events that look inviting.  

However, these could be posts designed to get your credit card information, charge you a monthly fee you never intended to pay, or simply send you an item that is of much less value than the one you thought you purchased.

An Etsy seller, for instance, found out her online shop’s pictures had been used by scammers to create fake social media ads for her glass holiday trees. Social media users thought they were purchasing her decorative trees, but the item they received was a cardboard knockoff. 

Not only were the shoppers affected, but the seller received complaints and bad reviews despite having been a victim of the scam herself. Since online shopping scams are the most commonly reported to the BBB’s Scam Tracker, online shoppers should be aware of the rise in fake posts as well as ensure they are buying from a legitimate business.  

Bottom Line 

Be cautious this holiday season. Scammers looking to infiltrate your personal or business network are always working to develop innovative ways to trick people into clicking links or sending sensitive information.

Share this knowledge with your employees or family. It can be a great gift to raise awareness and help them stay alert. 

To learn how to prepare better for these scams and stay secure, check out the blog 7 Tips to Avoid Holiday Scams for Businesses.