‘Tis the season for consumers to spend more time online – shopping for gifts, looking for great holiday deals on new digital gadgets, e-planning family get-togethers and, of course, using online or mobile banking to make sure they can afford it all. But before logging on from a PC, Mac or mobile device, consumers should look out for the “12 Scams of Christmas,” the dozen most dangerous online scams this holiday season, revealed by McAfee.
“With the increase in malware and other attacks on smartphones, tablets and Macs, users need to stay vigilant and ensure they protect all of their devices, not just their home PC – they can’t afford to leave the door open to cyber-grinches during the busy holiday season.”
“Cyber criminals rub their hands with glee when they think of the holidays,” said Gary Davis, director of consumer product marketing at McAfee. “Consumers are making travel plans, shopping for gifts and bargains, updating Facebook and connecting with friends. However, the vast majority have no security protection for their smartphones or tablets, despite using them heavily during the holiday season. Consumers need to stay one step ahead of this season’s cyber scrooges, and make sure they have protection for all of their Internet-enabled devices. Otherwise, they could risk giving the bad guys the biggest gift of all – their own personal and financial information.” Click through for 12 holiday scams identified by McAfee.
A recent National Retail Federation (NRF) survey, dated Oct. 19, found that 52.6 percent of U.S. consumers who own a smartphone said they will be using their device for holiday-shopping related activities — whether it’s to research products, redeem coupons or purchase holiday gifts. Malware targeted at mobile devices is on the rise, and Android smartphones are most at risk. McAfee cites a 76 percent increase in malware targeted at Android devices in the second quarter of 2011 over the first, making it the most targeted smartphone platform.
New malware has recently been found that targets QR codes, a digital barcode that consumers might scan with their smartphone to find good deals on Black Friday and Cyber Monday, or just to learn about products they want to buy.
These are mobile apps designed to steal information from smartphones or send out expensive text messages without a user’s consent. Dangerous apps are usually offered for free, and masquerade as fun applications, such as games. For example, last year, 4.6 million Android smartphone users downloaded a suspicious wallpaper app that collected and transmitted user data to a site in China.
Who doesn’t want to win some free prizes or get a great deal around the holidays? Unfortunately, cyber scammers know that these are attractive lures and they have sprinkled Facebook with phony promotions and contests aimed at gathering personal information.
A recent scam advertised two free airline tickets, but required participants to fill out multiple surveys requesting personal information.
Scareware is the fake antivirus software that tricks someone into believing that their computer is at risk — or already infected — so they agree to download and pay for phony software. This is one of the most common and dangerous Internet threats today, with an estimated one million victims falling for this scam each day. In October 2010, McAfee reported that scareware represented 23 percent of all dangerous Internet links, and it has been resurgent in recent months.
Fly with Santa
Bringing holiday cheer to your home or work PC sounds like a fun idea to get into the holiday spirit, but be careful. A recent search for a Santa screensaver that promises to let you “fly with Santa in 3D” is malicious. Holiday-themed ringtones and e-cards have been known to be malicious too.
Until recently, Mac users felt pretty insulated from online security threats, since most were targeted at PCs. But with the growing popularity of Apple products, for both business and personal use, cyber criminals have designed a new wave of malware directed squarely at Mac users. According to McAfee LabsTM, as of late 2010, there were 5,000 pieces of malware targeting Macs, and this number is increasing by 10 percent month on month.
Phishing is the act of tricking consumers into revealing information or performing actions they wouldn’t normally do online using phony email or social media posts. Cyber scammers know that most people are busy around the holidays so they tailor their emails and social messages with holiday themes in the hopes of tricking recipients into revealing personal information.
- A common holiday phishing scam is a phony notice from UPS saying you have a package and need to fill out an attached form to get it delivered. The form may ask for personal or financial details that will go straight into the hands of the cyber scammer.
- Banking phishing scams continue to be popular and the holiday season means consumers will be spending more money — and checking bank balances more often. From July to September of this year, McAfee Labs identified approximately 2,700 phishing URLs per day.
- Smishing — SMS phishing — remains a concern. Scammers send their fake messages via a text alert to a phone, notifying an unsuspecting consumer that his bank account has been compromised. The cyber criminals then direct the consumer to call a phone number to get it reactivated — and collects the user’s personal information including Social Security number, address and account details.
An estimated 63 percent of shoppers search for online coupons or deals when they purchase something on the Internet, and recent NRF data (Oct. 19, 2011) shows that consumers are also using their smartphones (17.3 percent) and tablets (21.5 percent) to redeem those coupons. But watch out, because the scammers know that by offering an irresistible online coupon, they can get people to hand over some of their personal information.
- One popular scam is to lure consumers with the hope of winning a “free” iPad. Consumers click on a “phishing” site, which can result in email spam and possibly deal with identify theft.
- Consumers are offered an online coupon code and once they agree, are asked to provide personal information, including credit-card details, passwords and other financial data.
Mystery shoppers are people who are hired to shop in a store and report back on the customer service. Sadly, scammers are now using this fun job to try to lure people into revealing personal and financial information. There have been reports of scammers sending text messages to victims, offering to pay them $50 an hour to be a mystery shopper, and instructing them to call a number if they are interested. Once the victim calls, they are asked for their personal information, including credit card and bank account numbers.
Many people travel over the holidays, so it is no surprise that scammers have designed travel-related scams in the hopes of getting us to click on dangerous emails. In one recent example, a scammer sent out emails that appeared to be from a hotel, claiming that a “wrong transaction” had been discovered on the recipient’s credit card. It then asked them to fill out an attached refund form. Once opened, the attachment downloads malware onto their machine.
Every year there are hot holiday gifts, such as toys and gadgets, that sell out early in the season. When a gift is hot, not only do sellers mark up the price, but scammers will also start advertising these gifts on rogue websites and social networks, even if they don’t have them. So, consumers could wind up paying for an item and giving away credit card details only to receive nothing in return. Once the scammers have the personal financial details, there is little recourse.
Posting information about a vacation on social networking sites could actually be dangerous. If someone is connected with people they don’t know on Facebook or other social networking sites, they could see their post and decide that it may be a good time to rob them. Furthermore, a quick online search can easily turn up their home address.