The 12 Scams of the Holidays

McAfee’s Annual List Educates Shoppers on How to Avoid Unwrapping an Online Threat and Keep Their Digital Lives Safe

As temperatures begin to drop, snow starts to fall, and decorations go up, consumers across the country begin preparing for upcoming holiday festivities. This time of year consumers are rushed and use their devices much more than normal. Just as spending is on the rise, so is the potential threat of cybercriminals taking advantage of cheerful shoppers.

This year, holiday shopping sales are expected to surge from last year to an estimated $616.9 billion. E-commerce sales are also predicted to rise between 8-11% this year to more than $105 billion, with 56% of smartphone owners planning to use their device while shopping.

McAfee, a part of Intel Security has developed its 12 Scams of the Holidays list to educate the public on some of the most popular ways cybercriminals scam unsuspecting shoppers as they surf and shop with their digital devices during this holiday season, and provides tips on how to stay safe.

Number 1: You’ve Got Mail!
As holiday sales continue to move online, the risks of shipping notification and phishing scams are increasing. Though these are year-round risks, since many people do their holiday shopping online, consumers are more apt to click on a shipping notification or phishing e-mail because they think it is legit.

TIP: The creators of phishing scams like fake shipping notifications are getting smarter as years go by, creeping their way into consumers’ wallets. Instead of clicking on a link for a shipping notification, go directly to the site and plug in your tracking number from there.

Number 2: Deceptive Advertising
Everyone is searching for great deals during the holidays. Keep your eyes peeled (and your wallet in check) when online shopping for this season’s most coveted products. Dangerous links, phony contests on social media, and bogus gift cards are just some of the ways scammers try to steal your personal information and ruin your holiday cheer. This year’s trends include fake deals for hot new electronics products like the iPhone 6 and iPad Air 2.

TIP: If a deal or advertisement looks too good to be true, it probably is. Before clicking the link in the social media post or ad, go directly to the outlet’s website to see if the deal is displayed there. Triple check to make sure you are not getting scammed.

Number 3: Chilling Charities
‘Tis the season for giving. During the holidays, many consumers give back by donating to their favorite charity. Sadly, some cybercriminals will use the season of giving to line their own pocket. Be wary of fake charities that could reach you via email, or are shared virally through social media. Big events, like this year’s Ebola scare in the U.S., can lead to even more fake charities than normal. One of the biggest charity scams of 2014 was a campaign from a group impersonating the UN Refugee Agency which collected money and information from anyone who was tricked into donating.

TIP: Look for the seal and trust mark on a charity’s website before opening your wallet to donate. Just because a website ends in “.org,” doesn’t mean it’s legitimate. Do an online search of what people’s experiences have been when donating to the charity to ensure it’s real.

Number 4: Buyer Beware
There are just some scams that consumers can’t avoid. Point of sale devices at popular retail stores became the targets of hackers seeking credit and debit card numbers, as well as other customer data. Card issuers, law enforcement, and security companies saw stolen data go “on sale” on online hacker marketplaces, and identified attempts to use this stolen data in clever fraud schemes. Coordination of detection and response between these groups led to customer cards being canceled and replaced so consumers were protected, but given that there are millions of point of sale devices at stores worldwide, it’s likely these devices will remain a popular target until retailers deploy new security solutions that thwart these attacks.

TIP: Closely monitor your credit card statements and stay on top of breaking news regarding cyberattacks in the marketplace should a retailer you have shopped at be exploited. Also, most credit card companies allow you to get notified every time the card is used. Be sure to use this capability should it be provided. The more vigilant you are, the faster banks and retailers can crack down on the hackers and protect you from financial damage.

Number 5: iScams
New mobile apps for Android and iOS devices are added every day. Thanks to the ongoing advancement of technology, your mobile device can control the temperature in your house, keep you connected to social media, and add cool filters to your holiday photos. Even the most official-looking or festive apps could be malicious and capable of accessing your personal information. McAfee Labs™ recently found a suspicious Android app called ACCLeaker that secretly collects a device user’s Google account ID, Facebook account ID, and Twitter account name.

TIP: Google and Apple have made tremendous efforts to scan apps uploaded to their app stores, so you should only download apps from these official app stores. Pay attention to how much information an app requests and, if the app requests too many permissions, do not download it. It may be requesting access to information on your phone that you would prefer to keep private or more information than it needs. Also install antivirus software on your mobile device to help protect against malware getting on the device.

Number 6: Getting Carded
Digital e-cards spreading the holiday cheer are fun and easy and most importantly, thoughtful. While you may want to send a loved one “Season’s Greetings,” hackers are looking to wish you a “Merry Malware!” Well-known e-card sites are safe, but be wary of potential scams that cause you to download a virus onto your device.

TIP: Be wary of e-cards from unknown senders. Most recently, a scam campaign took the personal information of AT&T users when they opened an email that claimed they were the recipient of a Starbucks card for the heck of it.

Number 7: Holiday Travel Scams
With travel on the rise during peak holiday times, online scammers are ready to take advantage of the fact that consumers often become less vigilant about their safety. Fake online travel deal links are bountiful, but there are also risks that exist once you arrive at your destination such as onsite PCs that are infected with spyware that can access your information when you logon.

TIP: When booking travel plans this holiday season, be wary of sites that request money or credit card information in advance. If you are opting to rent a residence during your travels, back-check the address of the rental site to make sure it’s legitimate. Many scams have been uncovered where consumers paid upfront, arrived at their destination, and found there was no physical unit or that they have been scammed by someone posing as the owner.

Number 8: Bank Robocall Scam
Hackers sadly try to take advantage of the fact that consumers are concerned about fraud, particularly during the holidays when credit and debit card holders are making a large number of transactions. In some cases, consumers receive fake automated phone calls masquerading as their banks’ fraud departments. These “robo calls” claim that the user’s account has been compromised and request personal information such as account passwords, to make changes.

TIP: If you get a call from your bank about your account, insist on calling them back. Hang up, and call the bank through the official main line to ensure that the person you were talking to was truly an employee of the bank.

Number 9: ATM Skimming
During the holiday season, you need cash and are usually in a rush to get it. Criminals can access your information at ATMs by installing skimming devices to steal the data off your card’s magnetic strip, and using either a video camera or keypad overlay to capture your PIN.

TIP: When withdrawing money, be aware of your surroundings. Check to make sure that you are in a safe place to enter your information. If anything looks amiss, leave. Additionally, inspect the ATM for loose wires or machine parts that may have been tampered with.

Number 10: Year in Review Traps
Many news services capitalize on the holidays by developing “Year in Review” articles. Companies should warn their employees about the risks of clicking on these types of links from their work emails. Links from phony sources could infect and compromise the security of company devices.

TIP: Remind employees to be cautious of clicking on links to intriguing, but non-work-related emails through work or personal email on company devices. Visiting unknown URLs could result in landing on phony websites set up to spread malware or steal personal data.

Number 11: BYO…Device
With an increase in travel, activity (and bubbly!) over the busy holiday season, people are more likely to lose their smartphones. People who find those smartphones may have access to sensitive business data if the appropriate security measures are not in place.

TIP: Always enable the locate and lock feature on your phone and keep your smartphone PIN protected at all times.

Number 12: Bad USB Blues
During the holiday season, businesses may see an increase in gift baskets from vendors who want to continue working with your company in the upcoming year. One of the most popular items in these baskets includes branded USBs. Beware of allowing your employees to use these, as undetectable malware is sometimes pre-installed on them.

TIP: Avoid using USBs that you did not purchase yourself or do not know where they came from. Stick to the ones you have kept secure and only used by yourself.


I want to wish everyone a safe and fun holiday season!

As always, to stay up to date on the latest consumer threats, follow me and @McAfeeConsumer on Twitter and Like us on Facebook.

GaryNasdaq_NCSA_Conference_panel small

Leave a Comment

twelve − five =