With the holiday shopping season in full swing, we all can expect an influx of ads, scams, fraudulent phishing schemes, and all forms of attempted cyber crimes.
In most of these cyber crimes, the attackers rely on human vulnerabilities (clicking on links, opening attachments, etc.). This is true on your personal computer and devices, as well as your computer equipment at work. You may think you are not “important enough” to be targeted or that your employer’s IT department has it covered, but those are common misconceptions. Attackers are indiscriminate – they do not care who you are, what you have, or what controls you have in place, they simply want you to fall for their scams.
3 Common Cyber Threats that Increase During the Holidays:
Spear Phishing Attacks
- A spear-phishing attack is a fraudulent practice of sending emails ostensibly from a known or trusted sender to induce targeted individuals to reveal confidential information. You’ve likely seen one of these emails before, as they are very common and surprisingly effective, so it’s important to stay diligent. Some examples include:
- You’ve won gift cards!!!
- Shopping deals
- Charities (weird right!?)
- Bogus links or attachments
Product Scarcity Scams
- Be mindful of product scarcity. Fraudsters know when in-demand products are scarce and will step in to play on our desires to give the perfect gift and to find the un-findable.
- Large campaigns for products like PS5s, Xbox, and things that are scarce showing availability, but are often scams! “If something is too good to be true, it usually is.”
- It is NOT difficult to craft an email with legit pictures disguised as Target broadcasting that “PS5s are available if you click here!”
Fraudulent Charitable Campaigns
- There have been upticks in charitable contribution scams via phishing in emails, texts, and social media.
- These have even been seen “inside” organizations from spoofed Administrator or Manager accounts. (Example: Your boss emails you and instructs you to buy 1,000 Amazon gift cards for a local charity and email him the numbers so he can distribute them).
- A good rule of thumb is to handle any charitable contributions or purchases by directly navigating to those pages in a clean browser rather than clicking on any links from a text or email.
While these are some examples of things we see during the holidays, they can happen at any time. Be mindful of after-holiday scams as well. There is typically an uptick in scammers impersonating the IRS after the holidays as we roll into tax season.
- Don’t click links or open attachments in emails, texts, or social media messages that are from unknown or external sources.
- If you know of a deal or a company emails a deal to you, navigate to the website in a browser or the app for that company rather than clicking a link or opening an attachment from an email or text message.
- Avoid using the “Log in With Facebook” feature that some sites offer. Using this feature means that if your Facebook account gets compromised, the attacker who has access to your Facebook will also have access to every site you have logged into using the feature.
- Have a separate email or login credentials with every login you create. Repeating the same login information for multiple sites and apps means that when one is compromised, they are all compromised.
- When a fraudster obtains login credentials, they tend to try the same login and password combination on many sites, using computers to attempt logins quickly and painlessly on thousands of sites in a matter of seconds.
- Use credential or password safes to keep track of login information. Some examples include Enpass and KeePass, though there are many others available.
- Use resources like: https://haveibeenpwned.com/ to check on your email or phone, to see if it was harvested in any known breaches.
- USE MULTIFACTOR AUTHENTICATION WHENEVER YOU CAN!!! Multifactor authentication means that you must enter more than a login ID and password. You must also have access to an email or phone number associated with the account to retrieve a one-time use passcode, often called a secure access code. Multifactor authentication is available on most logins, especially social media, banks, and stores. There are apps available to manage this for you such as Google Authenticator. If you purchase anything over Social Media Apps, don’t do it within the app. Open a browser window to perform the purchase or to log in.
- Be mindful of letting your children, spouse, or anyone but you purchase or log into anything on your devices. Children are less likely to spot a scam and more at risk of inadvertently exposing personal information.
- Take advantage of any cyber security awareness training offered by your employer or other organizations in your personal or professional networks.
What to Do If You Suspect a Password or Account has Been Compromised:
- Change your password immediately. If you use the same password for other logins, change those too!
- Report lost, stolen, or compromised card numbers or account numbers to your bank immediately
- If you have fraudulent transactions on your bank account or credit card, contact your bank immediately
Be sure to carefully assess your exposure and take further steps as necessary. The Federal Trade Commission offers resources for what to do if your personal information has been stolen. Visit https://consumer.ftc.gov/identity-theft-and-online-security to learn more.