McAfee’s Online Safety Tips for the Top 12 Holiday Scams

The holiday season is upon us once again and now that you’re making your lists (checking them twice) and planning for all of the upcoming festivities, you’re likely using your digital devices to help lighten the seasonal load. But for every Santa there is a Grinch, a cybercriminal waiting in the wings to turn all that holiday cheer into fast cash as he spreads his scams and malware.

Holiday shopping in 2013 is expected to jump even more than it did in 2012, up to an estimated $602.1 billion spent in the months of November and December[1]. Online shopping in particular is growing rapidly, with ecommerce sales predicted to jump up 15% from last year’s digital holiday sales to more than $60 billion, and mcommerce accounts for 16% of that number[2].

To help you stay protected as you search high and low both on and offline for the perfect presents for your loved ones, McAfee has released its annual “12 Scams of Christmas” list full of digital dangers to be on alert for as you surf the web for holiday deals and steals and how to be safe in the coming months and beyond.

Number 1: Not-So-Merry Mobile Apps

With the latest advancements in technology, we’re now able to do everything from our phones from playing Candy Crush and booking our holiday trips to paying our bills. While applications may save time when it comes to holiday planning, malicious mobile apps are ready and waiting to ruin our Christmas cheer.

Even the most official-looking software for holiday shopping, such as those appearing to feature celebrity or company endorsements, could be malicious applications designed to steal – or even send out – your information.

  • When it comes to your bank account, even apps that appear to have genuine-looking certificates can be used to siphon credentials and data and send that information back to the bad guys; in some cases, miscreants can even redirect incoming calls and messages, offering attackers the chance to bypass two-step authentication systems in instances when the second step involves a code that is sent to the mobile device.
  • This malware can come in a variety of forms, but two in particular: ZeuS-in-the-Mobile (Zitmo) and SpyEye-in-the-Mobile (Spitmo). Both are notorious among the mobile banking community.

TIP: Look into all mobile apps carefully before downloading anything onto your mobile devices; check the comments section and confirm the app’s legitimacy directly with the parties that the software claims are involved.

Number 2: Holiday Mobile SMS Scams

Mobile SMS scams are rampant year-round and are sure to cause even more problems than Black Friday sale shoppers at retail locations this season. FakeInstaller tricks Android users into thinking it is a legitimate installer for an application and then quickly takes advantage of the unrestricted access to smartphones, sending SMS messages to premium rate numbers without the user’s consent.

TIP: Double-check that the “download” button is legitimate when attempting to install new apps on your phone. Use antivirus software and learn more about FakeInstaller here.

Number 3: Hot Holiday Gift Scams

Be wary of advertising deals and steals on this season’s must-have items. Clever crooks will publish dangerous links, post phony contests on social media sites, and send phishing emails in an effort to entice viewers into revealing personal information and/or downloading malware onto their devices.

TIP: If an offer seems too good to be true, it probably is. Do your best to verify “low low” prices on this season’s biggest sellers.

Number 4: Seasonal Travel Scams

Traveling to visit family and friends or just to get away from it all is one of the many joys of the holiday season.  Whether you’re headed somewhere tropical or snowy, here’s the cold hard truth: online scammers are ready and waiting to take advantage of you when your guard is down. Not only are phony travel deal links and notifications around every corner, but once you get to your destination, hackers are waiting to steal your identity.

  • When you log onto infected PCs with your email username and password, they can install keylogging spyware, keycatching hardware and more. Think you’re safe when using your own computer on the road? Think again – a hotel’s Wi-Fi may claim that you need to install software before using it and instead infect your computer with malware once you click “agree”.

TIP: Prior to traveling, make sure all of your security software is up-to-date and consider running a virus scan while you’re laying by the pool or curling up by the fire with a cup of cocoa. Also, if you’re asked for a username and password after clicking a link (or any time you didn’t browse directly to the page you’re attempting to access), try using a fake input on the first login attempt. The extra few seconds it takes to load confirms that the page is actually looking for valid username/password combinations; scam sites will let you right in.

Number 5: Dangerous E-Seasons Greetings

Snail mail is so 2003. In 2013, most of us are spreading the holiday cheer digitally with e-cards. Free or paid, standardized or customizable, there are a million ways to say “I Love You,” “Thank You,” or “Season’s Greetings” online, but some hackers are wishing you a merry malware instead. While many e-cards are just as legitimate and safe as the notes you receive in the mail, others are scams that can cause you to download a Trojan or other virus onto your machine after clicking a link or opening an attachment.

TIP: Check all of the cards you receive carefully for any suspicious misspellings in the sender’s name or the name of the card company itself. If you see any cause for concern, do a search online for any additional information about the site from which the message originated.

Number 6: Deceptive Online Games

Forget the stuffed animals and diaries: most kids are itching to get their hands on the latest online games. Before your kids disappear into a digital universe for the entirety of their winter break, watch the source of their downloaded games.

The many sites offering full-version downloads of the hit franchise Grand Theft Auto, for example, are often laden with malware. While that particular game may skew towards an older audience, online gaming appeals to Internet users of all ages. With the integration of gaming into social media pages, more people than ever before are now exposed to this world, which unfortunately can be a deceptive one.

TIP: Only download or buy games from reputable websites, check in with retailers about the legitimacy of a deal you see advertised, and talk to the little ones in your life about how to spot and avoid online potential scams.

Number 7: Shipping Notifications Shams

While your package may make it to its destination intact if you use traditional services to send gifts, this might not be true if you order online and click on a phony shipping notification. These sham messages appear to be from a mailing service, alerting you to an update on your shipment, when in actuality they’re scams carrying malware and other potentially harmful software looking to infect your computer.

TIP: Always check the domain name on shipping notification alerts and be cautious of any that you receive when you have not requested them or even sent a package in the first place.

Number 8: Bogus Gift Cards

Everyone has someone in their lives who is impossible to shop for – lucky for them, it’s gift cards to the rescue! The perfect gift for the friend or family member in your life that seems to have everything, gift cards are a go-to present for many and an easy stocking-stuffer for anyone on your list. Holiday shopping with this easy trick may take a nightmarish turn, though, if you fall into a cybercriminal’s trap and end up purchasing a phony card online. Unfortunately, many ads posted around the web claiming to offer exclusive deals on gift cards or packages of cards can be as bogus as the paper on which they were written.

TIP: Many of those “too good to be true” gift card deals are just that – too good to be true. So stick to purchasing directly from the official retailer rather than from third parties online and ensure that your money goes towards a gift and not into a scammer’s pocket.

Number 9: Holiday SMiShing

Combine SMS text messages and phishing and you get SMiShing, yet another way cybercriminals are looking to ruin your holiday fun. One popular scam for this time of year centers on messages offering up free gift cards. As regulations have become stricter on these information thieves, many have moved on to posing as banks or credit card companies[3]. Often asking you to confirm your information – ironically, in some cases, for “security purposes,” clever scammers may even include the first few digits of your credit card number in their SMS message to try and fool you into a false sense of safety.

TIP: Legitimate banking and credit card companies should never ask you for personal information over a text message. If you receive a message like this, contact your bank directly via phone, secure website, or in-person.

Number 10: Fake Charitie

‘Tis the season for giving – and for giving back. Charitable donations are a huge part of the holiday season for all those looking to help the less fortunate. However, there are people in this world that take advantage of the generosity of others and set up fake sites for charitable donations which, in reality, are for their own personal gain. This is particularly notable in times of crisis, such as a recently imprisoned woman who set up a fake page in the wake of the Sandy Hook tragedy and in times of hope and joy such as the holiday season.

TIP: If you’re looking to donate to a worthy cause this year, do a little background research on the charity in question and think twice before sharing any type of personal information on a website that looks less than legitimate.

Number 11: Romance Scams

Kisses under the mistletoe are a part of getting into the Christmas spirit, but for those looking for love online this holiday season, there is more potential danger awaiting them than just a broken heart. You can never be sure who exactly is on the other side of the screen messaging you – or even who is behind the site itself. With so many niche dating sites now available to Internet users, it can be difficult to deduce which are real and which are phishing scams posing as reputable sources to access personal information like usernames, passwords, and credit cards.

TIP: Try to stick with trustworthy dating sites when looking for digital love, and always be wary about giving out personal information of any kind to websites or individuals you encounter online.

Number 12: Phony E-Tailers

If crowded malls decorated with Christmas trees and hoards of shoppers do not sound enticing, e-tailers have made everything – really, everything – available to you online with just the click of the button. But as wonderful as it is when all of your holiday gifts appear at your doorstep without having to lift a finger, phony e-commerce sites will take your money and your personal information and leave you with nothing in return.

TIP: Double-check the IP addresses on the sites you use for shopping, and look for customer reviews and other information to verify an e-tailer’s legitimacy.

Happy Holidays!



Leave a Comment

3 × 2 =