It’s around dawn, and you wake up with excited butterflies in your stomach. This isn’t any normal morning. This is Christmas morning, and you know you definitely landed on Santa’s Nice List this year.
Once the realization hits that it’s Christmas Day, the comforter flies off and feet hit the ground running toward the tree. You must inspect the stocking and all of the goods! But what do you find when you arrive? Oh no, it’s worse than coal: there’s nothing!
Turns out, the Grinch stole all of your presents. Yep, you’ve become the victim of a holiday scam.
Okay, this nightmare seems too far-fetched to be true and should be left for Dr. Seuss. But holiday scams are occurring in the cyber world, and it’s important to be informed on how to protect yourself from holiday cyber criminals.
To teach government officials how to recognize and avoid holiday cyber attacks, the U.S. Department of State offered federal employees the cybersecurity online learning (COL) workshop Holiday Cyber Scams. Instructors Alexis Benjamin and Katherine Martini spoke to listeners about common ways cyber criminals try to access your private information. Here are some of the major takeaways from the State Department workshop:
- Hot Holiday Gifts: Have you ever seen Internet advertisements for those gift deals that seem too good to be true? They probably seem too good to be true because they are. If that Ipad mini, Keurig, or Iphone is listed for a price that looks unreasonably low, it might be a fraudulent item, a knock off, or a way for cyber criminals to get your banking information.
- Bogus Gift Cards: Be wary of purchasing gift cards through mobile devices or third parties. Phishing emails, contests, social media advertisements, and auctions sites all offer free gift cards that can be faulty. Also, verify whether or not a gift card has been tampered with and that nothing was scratched off of its backside.
- Charity Scams: Some emails solicit donations for charity, but it is important to confirm that these messages are from legitimate organizations. Charity scams occur more frequently after natural disasters and during national holidays. One signal to look for when avoiding holiday charity scams is timers. If a website gives you a time limit to enter personal data or uses other methods to coerce you into make quick decisions, you might be dealing with cyber criminals.
- E-cards: Watch out for those messages that look like friendly greetings from Mom! Some holiday e-cards contain malicious code. Investigate before clicking on links or downloading anything from e-cards.
- Social Media Scams: One of the most popular methods to hack private, electronic data is via social media outlets. Sites like Facebook and Twitter have “malvertisements,” which are ads that containing malicious links. Unsolicited requests could potentially be cyber criminals attempting to obtain more of your information.
- Phishing & Smishing: Phishing emails are fake messages sent out by cyber scammers that attempt to collect your personal and financial information. According to a recent article by The Guardian, PayPal customers were receiving emails alerting them to supposed hacking of their personal accounts. These were phishing emails that generally took users to faulty websites that encouraged them to enter private information such as credit card numbers, bank details, and account passwords. A few indicators signaling that a message is phishing email are: 1) a generic greeting such as “Dear User” rather than your name; 2) requests for personal/financial details; 3) email attachments; and 4) spelling errors. Alternatively, smishing is phishing via SMS messages and texting. Smishing text messages often contain a URL address or phone number, and the phone number usually leads to an automated answering system. Just remember, avoid opening attachments to any suspicious-looking emails or texts.
To learn more about holiday cyber scams, view this COL workshop and others from the State Department here. Each live cybersecurity online learning workshop is recorded and then published to the COL site around two weeks after the live event. The recorded workshops are available for viewing at any time once your registration has been approved. For more information about registration and the program, please contact the State Department at CyberSec_Training@state.gov or at Brennantm@state.gov.
Featured Image Attribution: Tom Crowley