Have you already bought all of your Christmas and New Year gifts and booked holiday tickets and hotel rooms? I’ll bet my boots that many have not yet completed all of these tasks and now spend their spare time performing a last-minute ‘great holiday quest.’ It’s very important to keep calm in order to avoid becoming the victim of a holiday phishing campaign.
In 2014, up to 51% of people in the UK and Germany bought gifts online, and even more interact with vendors via different online channels (websites, e-mails, social networks) in order to make a choice, get discounts or receive comprehensive data about their goods. Furthermore, in the United Kingdom, South Africa and Germany, one in every two consumers uses a smartphone to make online purchases.
I got a great deal on cyber Monday yesterday!… I had $1300 stolen from my checking account and spent at some… http://t.co/MjVFYf8pQ6
— Thomas Hackett (@TJRHackett) December 2, 2014
The rise of mobile commerce attracts hackers as well as users: it’s really easy to pay with your smartphone, and certainly easy to hack it and steal your banking credentials. The situation is complex due to the lack of security expertise that is typical among the majority of smartphone users. We know how quickly and easily we can buy apps and other things with our devices, but we are almost illiterate in terms of mobile security. However, in practice, even crime experts can assume the role of a hacker’s victim.
How ironic, the crime reporter has his bank account stolen. Following up on this breaking story in true first-person fashion.
— Daniel J. Gross (@DanieljGross) December 18, 2014
But forewarned is forearmed and one can at least reduce the risk of an attack. For this reason, we’ve written this review of the most popular holiday phishing campaigns and prepared some tips on how to stay protected.
Deceitful greeting cards. We all like those colorful Christmas cards that are cute, funny and even animated. It’s Christmas in itself, isn’t it? Well, it certainly is until there is Trojan software behind that zany picture. You could receive a message that looks as though it were sent by a legitimate vendor (e.g., Hallmark). It’ll ask you to download an attachment that, at first sight, appears safe and reliable. In reality, it is a Trojan that infects your PC and waits until you try to use your banking credentials online. Then it’ll show you a popup window suggesting that you verify/update your billing info. If you do it, your bank account can quickly become very empty.
Infectious online discounts. In fact, almost every letter that looks like a legitimate ‘too good to be true’ promotion, offered by popular air carriers, tour operators and online shops, could be fraudulent and contain malicious software in an attachment. Even a USB flash stick that you may have received as a gift at a local shopping center can contain a similar surprise.
The price of compassion. Got an e-mail asking you to send money to lonely old men and women in a nursing home or children living in an orphanage? Some of these may be scam letters sent by fraudsters. You would be very lucky if these cybercriminals did not drain your entire bank account after you sent them money.
An expensive virtual Santa’s hat. Gamers are the usual victims of phishing campaigns. Hackers steal banking credentials, game items and high-level characters in order to earn quick money. They can do it in many ways. For example, they can send you Trojan software disguised as a screensaver of a powerful item.
All of these methods succeed only when a user gets excited and subsequently forgets about security rules. So keep calm and be attentive!
Beware of public Wi-Fi. Have you seen this video taken by CNN Money? It clearly shows just how easily one can hack your e-mail and Amazon accounts, for example, and find out your banking credentials, if you are connected to a public Wi-Fi network.
Whether you want to send money to support kids or pets, get a substantial discount or book a room for the holidays (and in many other cases as well), do not click on suspicious links (in scam letters, there are often some ‘spelling mistakes’ in the website’s address). Type in the web address manually and look for the promotion that you were interested in on the News page.
Do not download any pirated content. Anyhow, whether you do it or not, use an antivirus solution and follow its recommendations.
Merry Christmas and Happy New Year to all!