Iain Swaine, Head of Cyber Strategy EMEA, BioCatch
The festive season is here. With Black Friday and Cyber Monday having passed, it’s time for Christmas shopping to continue — retailers are hiring seasonal workers, shelves are being stocked, wish lists are being made, and cybercriminals are preparing their favourite tools and tactics.
Wherever money is being spent, cybercriminals are sure to show up. That’s why you need to be on the lookout for shady offers, strange emails or texts, and other possible attacks. Here are four big scams we expect to see (more of) this year.
1. Phishing: The Holiday Bait That Con Artists Are Using
Phishing is an ongoing activity that picks up steam over the holidays. Because criminals know you’ll have a lot more shipments than usual on the way, con artists will send surveys, often at this time of year, posing as representatives of companies and offering benefits in exchange for your participation. One of the most popular phishing scams is called the UPS text scam, where’s the cybercriminal sends out text messages with links that look like they contain tracking information but in reality are malware wrapped up as a holiday gift.
Cybercriminals excel at looking like the real deal and may even try to get you to follow a link to a phishing site or a malware link. That’s why it’s important to make sure you double check anything claiming free rewards or mistakes that involve a payment.
Remember to look for the hook when you receive something dubious. Ask yourself questions like “Would this organisation really need to confirm my payment information?” or “Would this company send an email like this?”
And don’t be afraid to directly contact a business about a sketchy looking message — it might take a couple of minutes, but it’s far better than a fraudster getting your personal information which they can use for all kinds of incriminating purposes.
2. Account Takeover: Shopping On You
The purpose of an account takeover scam is for the fraudster to obtain your login information, pose as you, and then transfer money and make purchases on your credit card.
During this time of year, account takeover artists take a particular shine to e-commerce and retail accounts. Whether they acquire credentials on the dark web or other illicit means, cybercriminals are known to break into user accounts and then order items for themselves using the credit card saved on file.
Make sure you keep an eye on your retail account activity. Be aware of notifications for new orders, new shipping addresses, or other account updates. It’s easy to miss a notification during the holiday rush. If you see a charge that doesn’t look right or get notified about an order you don’t remember placing, it’s worth double checking to make sure your account has not been taken over by a fraudster.
3. Promotion Abuse: Taking it too far
When buying gifts, taking advantage of a good price never hurts (or self-shopping, for that matter). In order to enhance client acquisition during a period when more consumers will be online, many banks and shops will be implementing aggressive promotions. These businesses are dealing with weak account growth and lagging sales. These promotions are taken advantage of by con artists, who frequently do so by utilising other people’s information.
One fintech found this out the hard way after reporting millions of illegitimate accounts had been opened on their platform. In addition to refer-a-friend and sign-up promotions, cybercriminals will open up accounts to take advantage of the Buy Now, Pay Later (BNPL) services that many retailers offer during this time of the year.
Bots are often deployed by cybercriminals to try and open as many accounts as possible to cash in on lucrative promotions. Watch your email closely for confirmation emails indicating you opened a new account. While you might not experience financial losses directly as a result, you don’t want cybercriminals to open accounts in your name with bad intentions.
4. Santa’s Little Imitators: Fake Websites and Seller Accounts
In the same way that phishing schemes try to trick a victim into taking an action by pretending to be a legitimate company, fake websites do the same.
In this scam, the fraudster puts up a webpage that looks like the one you want to be on and tricks you into either entering information or clicking a button that triggers a malware download.
These pages can be built to look extremely authentic, and enterprising cybercriminals have even been known to buy Google ads to make their fake sites show up on the front page. It’s also common for phishing emails to point victims to a fake website.
Similarly, cybercriminals are known to make fake social media accounts (it’s more than a trend for them) and fake seller accounts on retailer sites like eBay. In these cases, cybercriminals might fake a sweepstakes to trick consumers into sharing personal information or “buying” an item, taking their money, and then never shipping anything.
Consumers are advised to use caution while browsing and avoid clicking on promotional links in email and on social media sites. And, as the old adage goes, if something seems too good to be true, it probably is.
Click with care to shop safely this year
The significance of being aware of your online interactions cannot be overstated. Banks and merchants make significant investments in security systems that can detect fraud before it can hurt your wallet. However, con artists are constantly looking for and finding new ways to capitalise on the holiday, season, or shopper event.
Fortunately, as individuals, we are the best line of defence against the majority of these attacks. It is crucial to be aware of the signs of suspicious activity and to report them right away. The security of the internet is a shared responsibility. Don’t let a cybercriminal steal your holiday cheer. May the only holiday surprises you get arrive wrapped up in shiny paper.
