Cybercriminals will ring in the Holidays

PhishingThe start of the holiday shopping season marked by Black Friday and Cyber Monday is here. Cybercriminals take advantage of busy online shopping days which provide an opportunity for dramatically increased illicit profits, but you can protect yourself.

The FBI has identified a number of different scams and schemes which could be used by cybercriminals this holiday shopping season such as:

  • Malicious phishing emails for big ticket items and “too good to be true deals”
  • Selling counterfeit or stolen products
  • Fraudulent shipping notices from DHL, UPS and FedEx
  • Holiday refund buncos
  • Online surveys requesting personal information offering complimentary vouchers or gift cards
  • Free malicious mobile applications
  • Contests offering items such as movie tickets for popular shows seeking for personal information
  • Fake charities
  • Point-of-sale (PoS) malware.

There are several recommended good practices for consumers to protect themselves this holiday season. Some of these include:

  • Maintain awareness of current scams and latest cyber trends
  • Use websites that are familiar and have good reputations for shopping
  • Do not provide personal or financial information to unknown parties or websites
  • Do not follow unsolicited links or download attachments from unknown sources
  • Only open attachments from known senders and scan the attachments for malware when possible
  • Be suspicious of on-line websites selling bulk offers of gift cards and visibly inspect cards once purchased
  • Research the company and read third-party reviews before downloading mobile applications to your device
  • Do not post tickets or gift card pictures to social media platforms as criminals can reuse the barcode (if visible) to create another ticket or card
  • If using social media websites with links to good deals, always check the link prior to clicking it
  • Refrain from shopping on WI-FI hot spots that do not have security
  • Ensure that websites requesting payment card information are secure using HTTPS, not HTTP (unsecure)
  • Observe and verify that charges on credit card statements are legitimate
  • Physically protect your credit cards and credit card information
  • If you are asked to respond quickly, be mindful that the requestor could be attempting to generate a sense of urgency in order to commit fraud.

There are a number of websites dedicated to assisting consumers with protecting personal data and card payment information. The list includes:

  • If It Looks Too Good To Be True website
  • BBB Scam Tracker website which documents current scams
  • FBI Internet Crime Complaint Center (IC3) which can be used by victims to report cybercrime;
  • FBI e-scams website which reports trends and current Scams; and
  • NCCIC/US-CERT “Alerts Users to Holiday Phishing Scams and Malware Campaigns” product.