December 15, 2015
The season to be scammed by online scammers out to steal your holiday cheer is once again upon us. Every year as online commerce grows, so do online scams. Today’s cybercriminals are going to try to entice you into giving them your hard-earned cash through a number of ever more imaginative scams. In today’s blog, I will endeavor to give you a leg up on the top 12 ways to avoid getting Grinched this holiday season.
Grinch 1: Offers That are too Good to be True
Laptops for $100. iPads for only $50. While supplies last. These offers are plentiful online. Hot ticket products for way less than retail. Offers that sound too good to be true, right? That’s because they are. For every etailer that sells legitimate items, there are thousands of cybercriminals who are out to rip you off. And why not, since it takes only a few hours to create a website that is capable of processing orders. That doesn’t mean that there aren’t legitimate online businesses that sell items below wholesale. If you want to get the lowdown on how low prices can go, then you need to scope out eBay and Amazon to determine a realistic price for any item you intend to buy. If an etailer is offering a price below what can be found on major discount portals, odds are you are being set up for a scam.
Even if the offer appears to be from a major retailer, that doesn’t mean you can’t be duped. Scammers can create a clone of a legitimate site that is used to grab your credit card information. I was almost duped by a clone of the GoDaddy site recently, when I received an email telling me that my hosting would be terminated if I did not respond. The only thing that saved me from getting burned was picking up the phone and calling GoDaddy. Only then did I learn that this was a phishing scam.
If you are unsure of the authenticity of an offer or inquiry, the best course is not to reply online, but to call the party in question.
Grinch 2: Your Shipment is Stuck in Transit
This particular scam picks up where Grinch 1 left off. In this con game, you will receive an email informing you that your shipment is stuck in transit. Clicking on the link will bring you to a convincing clone of a major shipping site, such as FedEx, UPS or USPS. You will then be asked to provide a nominal payment to ensure delivery. Don’t you believe it. The only thing that will happen is that your credit card information will be sold to the highest bidders. Just as with the Offer Too Good to be True scam, this flim-flam relies on your willingness to do business online with what seems to be a recognizable company. As with Grinch 1, when in doubt, sort it out by calling the shipper.
Grinch 3: Fake Charities
Ensure that any charitable contribution you make is going to a legitimate charity. One of the most profitable scams online today is to either set up a bogus charity, or clone the website of a legitimate charity only to solicit contributions that wind up in the scammer’s pocket. So prevalent has this kind of online scam become that the Attorney General in every state in the union has set aside a portion of their website to report on online charity fraud.
Grinch 4: You Could Be a Winner!
Unlike the first three Grinches who are after your credit card number, fake contests and surveys are more interested in glomming your personal information. With enough info, these scammers don’t need your credit card number. They will be able to acquire new credit cards, generate a refund from the IRS, or even take out a loan in your name.
Grinch 5: Free Games
Freeware has been around since the birth of the Internet. The problem is that today, for every legitimate freeware or shareware offer, there are a hundred malicious sites that will either rifle your personal information, deliver malware as soon as you download the software, or hijack your computer outright. While the con extends to software of all stripes, free-to-play (F2P) games are particularly insidious, since they target youngsters who may or may not have their own devices. If your child uses your laptop, tablet or smartphone to entertain themselves, it could be you who winds up having a game run on them. Not only can spyware or malware be part and parcel of any F2P game download, but most companies that produce them only offer a small portion of the game to be played for free. Then they entice the player to take the game to the next level (or eliminate incredibly intrusive advertising), which costs real money. Some parents have been shocked to find charges for hundreds of dollars on their credit cards that were created when their kids played supposedly free games on their devices. More info is available at the gameindustry.com gamer-blog.
Grinch 6: Gift Card and Coupon Scams
Gift cards have been the most requested holiday gift for nearly the past decade, according to the National Retail Federation. This year, American consumers are expected to spend $26 billion on gift cards alone. Needless to say, cybercriminals have their greedy little hands in the cookie jar.
There are, of course, many legitimate sites that sell gift cards, but it should come as no surprise that there are also bogus sites selling cards that are virtually worthless. Don’t be fooled by come-on ads that promise discounted cards. Also, be aware that cards purchased at major retailers can be set to rip you off if you grab them from the rack.
According to Yahoo Finance: “A lot of stores make it easy for you to buy gift cards. They have giant racks containing dozens of cards in their center aisle or near the registers. Unfortunately, they are also making it easy for thieves to steal from you. Most cards today have a scratch-off area on the back that contains a PIN or other number needed to redeem the card. Thieves scratch it off, write down the number and then call the toll-free number regularly while waiting for the card to be purchased and activated. Once it is, they drain the card’s balance. Protect yourself by double-checking the back of the card for any signs of tampering before buying.”
You also need to be leery about accepting online coupons, refunds or rebates, especially if you receive word of them via email or text message. Phishing can take many forms and it’s up to you to throw these phish back.
Grinch 7: Free Wi-Fi Can Cost You BIG
Cyber thieves can also try to reel you in via in-store Wi-Fi networks. If you are one of those people who likes to prowl stores with smartphone in hand, using your device to comparison shop, you need to know that if your data connection is blocked inside a big box store, using the store’s Wi-Fi is one of the quickest ways for thieves to compromise your phone’s security. “People may want to log on to their Best Buy or Amazon accounts to check prices, but open Wi-Fi is probably the least secure place to do that,” says Michael Kaiser, executive director of the National Cyber Security Alliance. “If you’re tech-savvy enough to use VPN software — short for “virtual private network,” a technique for shutting would-be eavesdroppers out of your connection — on your phone, then free Wi-Fi is safe so long as you have the VPN on. For most people, though, it’s simply best to stick to your cellular connection.”
Grinch 8: Phishing Scams Looking to Reel You In
Phishing scams seem to multiply during the holiday shopping season. Virtually every offer that you receive via e-mail and/or text message during the period leading up to the New Year has to be taken with a grain of salt. Even notices purportedly coming from a friend who informs you, “You should see the deal I just got on a new XYX product” should be regarded with suspicion. More importantly, never ever click on the link that comes at the end of the message. Nine times out of ten, your friend’s email was compromised and the link leads to Malware Central. If you receive a message with a link, always call your friend or family member to ask them if they sent the message. If they reply “No”, then you need to tell them that their email has been hacked. This means they need to call their email provider and they need to send out an email to everyone they know telling them NOT to click on any links sent from the compromised account.
Grinch 9: Ecards with a Side of Malware
Electronic greeting cards, also known as ecards, are always a popular item during the holidays. Unlike traditional greeting cards, ecards use audio or even animation to entertain the recipient. Moreover, they are easier and cheaper to send out to family and friends since they don’t require you to purchase stamps to send them on their way. While legitimate purveyors of ecards such as JibJab.com abound, you need to be aware of the fact that cybercriminals have jumped on the ecard bandwagon. This isn’t so much of a problem when it comes to sending ecards. The danger lies in ecards sent your way. A recent post on scambusters.org points out that: “A legitimate-looking ecard, once clicked or downloaded might actually contain spyware, spam or a computer virus. Your computer may then start displaying obscene images, barrage you with pop-up ads, launch adult websites, or start sending bogus ecards to those in your address book that appear to come from you.”
That would certainly put a damper on your friends’ holiday cheer.
Grinch 10: Are Your Credit Cards Naughty or Nice
If you make purchases online, keep an eye on your credit card statement. This is easy enough to do online. The reason you should keep an eye on your account activity is due to the fact that if your card information is compromised, suddenly you could find hundreds or even thousands of dollars in bogus purchases being made without your knowledge. If you use a debit card to make purchases and thieves gain access to it, then it could be game, set and match for your bank account. My advice is that you should never use your debit card to make holiday purchases, and for goodness sake spend a few dollars to purchase theft protection, such as that offered by companies like LifeLock. Your wallet will thank you.
Grinch 11: Work at Home Scams Designed to Work You Over
Criminals often use the lure of making a little extra money work for them like Santa’s elves by phishing for people via work at home scams. These cons start at recruitment by dangling a position, then requiring the applicant to provide everything from a resume to social security number, all of which can be sold on the dark web. Then to cap it off, the applicant is offered a position, at which time they are asked to provide their bank account number. (You want to get PAID, don’t you?) Now that you’ve given crooks the keys to the vault, many of them will then require the hiree to accept an initial deposit, part of which they are then told to transfer to another account. The FBI’s own site reports that this scam is routinely used to dupe college students, who are in essence committing a crime themselves: “The funds the student receives and is directed elsewhere have been stolen by cyber criminals. Participating in the scam is a crime and could lead to the student’s bank account being closed due to fraudulent activity or federal charges.”
Grinch 12: IoT – The Gift That Keeps on Taking (Internet of Things)
Even our appliances can be used by hackers to compromise us. In this web-enabled world of ours, everything from our Smart TV, to refrigerators, security systems, nannycams, home healthcare devices, home Wi-Fi networks, and a host of other appliances and wearables that fall under the Internet of Things (IoT), are now vulnerable to cyberattack. Once penetrated, these devices can give a hacker access to other devices and networks in your home and/or office. This can then lead to everything from rifling your personal or medical information, to email spam attacks, denial of service attacks, access to cameras in your home and/or office, which could then lead to cyber blackmail.
Don’t think it can happen to you? Think again. Many IoT devices have little or no cybersecurity, or they have default passwords that even a child can crack. So pervasive has cyber blackmail become that a number of law enforcement agencies were advised by the FBI to pay the crooks when their servers were breached, encrypted and shut down.
Consumer Protection and Defense Recommendations
- Isolate IoT devices on their own protected networks;
- Disable UPnP on routers;
- Consider whether IoT devices are ideal for their intended purpose;
- Purchase IoT devices from manufacturers with a track record of providing secure devices;
- When available, update IoT devices with security patches;
- Consumers should be aware of the capabilities of the devices and appliances installed in their homes and businesses. If a device comes with a default password or an open Wi-Fi connection, consumers should change the password and only allow it to operate on a home network with a secured Wi-Fi router;
- Use current best practices when connecting IoT devices to wireless networks, and when connecting remotely to an IoT device;
- Patients should be informed about the capabilities of any medical devices prescribed for at-home use. If the device is capable of remote operation or transmission of data, it could be a target for a malicious actor;
- Ensure all default passwords are changed to strong passwords. Do not use the default password determined by the device manufacturer. Many default passwords can be easily located on the Internet. Do not use common words and simple phrases or passwords containing easily obtainable personal information, such as important dates or names of children or pets. If the device does not allow the capability to change the access password, ensure the device providing wireless Internet service has a strong password and uses strong encryption.
American consumers lost more than $800 million last year to online scams. That figure is expected to rise during this shopping season. If you don’t want the Cyber Grinch to ruin your holiday, you need to make sure that everyone in your family is fully prepared to deal with the 12 ways your holiday can be hijacked.
Carl Weiss has been working the web to win since 1995 and has helped hundreds of companies increase their online results. He is president of W Squared Media and co-host of the weekly radio show Working the Web to Win which airs Tuesdays at 4pm Eastern on BlogTalkRadio.com. His latest book is "Working The Web to Win: When it comes to online marketing, you can't win, if you don't know how to play the game!".