The year-end is when you spend the remainder of your leaves and flaunt your cards to travel and buy things left, right, and centre. Hackers know this well too and make this holiday shopping season a happy hunting ground to dupe people.

“The festive season is also when scams start to skyrocket. Every year around this period of time, be it year-end or the Christmas season, the majority of celebrants are eager to gather, express gratitude, and give gifts,” Sundar Balasubramanian, Managing Director, Check Point Software Technologies, India and SAARC, cautions.

He listed out ten common themes that hackers follow to deceive people and how to dodge such attempts.

1. Deceptive social media advertisements.

The hackers direct users to fraudulent online stores that pinch credit card information and personal details. Falling prey to such schemes can result in monetary losses and identity theft.

How to avoid: You must look for customer reviews, ratings and testimonials from reputable sources. Be skeptical of deals that seem too good to be true.

2. Deceptive delivery notification texts.

Beware of delivery notifications. Don’t track the orders that you have never placed. These fraudulent messages falsely say that there will be a delay in shipping a product that you ordered, or they demand a payment fee under the pretext that it’s required for a package’s delivery.

How to avoid: Verify the message source (confirm the legitimacy of the text message sender). Rather than clicking on links embedded in a notification, visit the official website of the delivery service; input the tracking number to access accurate and up-to-date information. You can always contact a delivery company directly, using their official contact details, to verify the status of your package.

3. Phoney charities

Scammers have been known to create phony charities in order to profit or to steal personal information. 

How to avoid: Check on the legitimacy of the charity by investigating the charity’s website. For crowdfunding campaigns, confirm the authenticity of the cause and the organiser.

4. Fraudulent airline ticketing

This method seems to be the most popular among hackers in the holiday season. Since holiday travellers are desperate to book tickets, it’s very easy to lure them into buying counterfeit tickets. 

How to avoid: Don’t fall victim to getting enticed by bogus deals. Ahead of making a purchase, research the seller and/or the website, exercise caution if the deal seems to be unrealistic. Ensure that the website has a secure connection (HTTPS, not HTTP), carefully read the terms and conditions of the deal, and trust your instincts.

5. Phishing emails

Phishing mails mimic emails from reputable brands. Scammers sometimes try to pose as representatives of familiar companies (Amazon, Walmart…etc.,). These deceptive emails employ social engineering tactics to illicitly obtain passwords, personal data and financial information. 

How to avoid: Precautions such as reviewing sender information, remaining skeptical of unsolicited communications, and the avoidance of suspicious links can help. Verify giveaways or promotions by visiting an official company website. Install and regularly update reputable security software to enhance protection against phishing attempts.

6. Fake job scams

While job scams are a growing concern year-round, they tend to target individuals who wish to make extra income around the holidays. Fake job postings may promise substantial earnings for minimal effort. The scammers typically aim to pilfer personal information under the guise of a hiring process. Or, they try to deceive people into sending them money for ‘supplies and training’.

How to avoid: To steer clear of job scams, people should exercise caution if there appears to be an unrealistic compensation structure. Also, individuals should be sure to confirm the legitimacy of the organisation by checking its official details. Legitimate companies provide transparent and easily verifiable information online.

Further, a generic email address may indicate a job scam, as honest employers maintain a professional online presence. If a job requires payment for supplies or training, it’s best to avoid it. Don’t proceed with any job opportunity that raises doubts or concerns.

7. Grandparent scams

These scams particularly target senior citizens and involve the impersonation of a distressed grandchild. The ‘grandchild’ typically requests money and the caring and concerning grandparents end up losing money.

How to avoid: People with senior relatives can warn them about this scam. Seniors should question urgent requests for financial assistance, especially if they involve wire transfers or gift cards. If in doubt, those on the receiving end of suspicious messages are encouraged to directly contact other family members, using known and trusted phone numbers, to account for the seeming situation.

8. Hacking over public Wi-Fi

While airports, hotels, cafes and other frequented locations may offer free public Wi-Fi, these networks are known for being easily hackable. Scammers leverage a method known as man-in-the-middle (MiTM) to intercept data.

How to avoid: Keep your credit card numbers, passwords, and personal details private by avoiding the temptation to shop online while out and about. Shop from safe and secured networks only. If you’re concerned about your home network security, consider a VPN, which can encrypt your internet connection and protect data from interception.

If conducting a transaction while out, you may want to use your cellular data network for the transaction, rather than public Wi-Fi. Cellular connections are considered more secure.

9.  Connected IoT and Mobile entertainment

If you have a seven-hour flight head of you, with a two-hour layover, a mobile game can make the time pass quickly. However, take care in choosing a mobile game – some may compromise device security. Or, if you are gifted an IoT device as a present, do be prepared to ensure stronger security measures to promote safety. For example with smart toys, cybercriminals could eavesdrop on your children, webcams could be used to record you while you change clothes, and voice assistants could spy on your home. 

How to avoid: Before downloading any app, conduct a quick online search to gather information about it. Meticulously review the permissions that it requests. Note that a legitimate game should not require permission to send text messages or to share information with third parties. To further protect your IoT devices, secure everything properly, ensure you use strong passwords, install firewalls and update the devices

10. Business email compromise (BEC) scams.

Fraudsters have found success in impersonating company executives through email and text messages. These scams resulted in losses of billions of dollars annually. They exploit urgency and authority, attempting to persuade individuals to pay invoices for events like holiday parties or to respond to phony billing requests.

How to avoid: If you think that you might have encountered a BEC scam, check for red flags, look at the sender’s email address again, and confirm requests with executives (via separate and verified communication channels). Further, keep the software, operating systems and security systems up-to-date. Report suspected BEC scams to your IT department or other relevant persons. Efficient reporting can help prevent similar scams from affecting others.

“The rules of cybersecurity apply doubly during this holiday season. Stay alert and protect yourself using the tips above to keep your season fun and festive,” Balasubramanian said.

Related Topics
comment COMMENT NOW