
December 15, 2014

The 12 Cons of Christmas

Everyone knows about the 12 Days of Christmas, but what you may not have heard about are the 12 Cons of Christmas. In their efforts to “liven up” the holidays, cybercriminals this year are going to act like the Grinch and try to ruin your holiday spirit. So in this season of giving I thought it only appropriate to give all of our loyal readers the lowdown on the top 12 cyberscams that you can expect to see this yule.

On the First Day of Christmas my true love said to me, you won’t believe what I found under the tree.

Online offers during the holiday shopping season that seem too good to be true usually are. A recent blog on Democrat and Chronicle quoted attorney Eric Schneiderman as saying:

“As the holiday shopping season kicks off and more consumers plan to shop online, there are simple steps you can take to avoid scams and protect your personal data. Consumers should know how to spot fake websites and deals that are too good to be true.”  Schneiderman warned that when shopping online, consumers should only use secure Internet connections and only process online payments on web pages that are HTTPS verified to protect themselves against fraudulent companies.” 

This is advice worth following, but the first warning sign of an impending cyber-con should be prices for merchandise way below retail or wholesale value. You also need to make doubly sure that the website you thought you were clicking onto is indeed the one you arrived at. Cybercriminals are amazingly good at creating knockoff websites that look just like the real deal. The only difference would be a subtle spelling difference in the URL. So be warned and be safe.

On the Second Day of Christmas my true love said to me, look what I won honey!


Another version of the too-good-to-be-true offer is the contest that notifies you “You Have Won!” First of all, if you are unfamiliar with said “contest,” do not accept the email, much less click on the link. If you do go there, odds are you are going to be asked for additional personal information “needed” to send you your prize, or you might even be asked for a credit card number to “cover shipping.” They don’t call them Con Tests for nothing, folks. Give the Grinch the boot.

“Consumers should be suspicious of any email, messages, or posts on social networks promoting giveaways or contests that seem too good to be true, e.g., free high-value gift cards, tablets, and Smartphones. These “contests” are often scams designed to bilk consumers out of money and/or to collect consumers’ personal information for resale. Genuine sweepstakes and contests are commonplace on the Internet; however, you should avoid any contest or promotion that requires you to pay money or to perform any sort of financial transaction. Also, think twice before participating in promotions that require entrants to register with multiple third-party websites; often these are ploys to build marketing lists. Promotions that require users to provide more than simple contact information may even be phony or run by scammers who resell consumer information to collect referral fees!”

On the Third Day of Christmas my true love said to me, let’s help this charity!

Donating to a legitimate charity is a noble act, but you need to be extra careful to whom you give your hard-earned money.  Fake charities are a real menace to consumers and business owners alike.  Before you donate, make sure you navigate your way to a legitimate charity.  A blog by titled “4 Ways to Avoid Charity Scams” advises,

“It’s so easy to click on a link in your e-mail, break out your wallet for a sympathetic caller or open a site from Facebook — but resist the impulse. When you decide to donate, go directly to the website of the organization to whom you want to give your money, rather than taking a shortcut. Not only could your dollars never reach their destination, you could end up downloading malware or leaving yourself open to identity theft.”

On the Fourth Day of Christmas my true love said to me, look what a little birdy told me.


Always be doubly cautious of e-mail that was supposedly sent to you by a friend or family member and that simply contains a line and a link along the lines of the following: “You need to check this out!” The only thing you’re likely to check out next is the local PC Doctor to help you eliminate the malware you just unleashed on your system. Even worse, some of the latest hacking software can even robotize your system, not to mention rifle it for any contact emails for your family and friends. How do you think they got your address in the first place?

On the Fifth Day of Christmas my true love said to me, check out my new USB.

Aside from clicking on ads or e-mail links, plugging in a free USB drive is the quickest way to infect your system. If you will recall, this is how Iran’s nuclear program was infected with the Stuxnet virus. One of their personnel inadvertently picked up a USB drive that was left lying around, only to plug it into a terminal. So if you should be sitting in a coffee shop or copy center and see a USB drive lying around on a table unattended, DO NOT TOUCH IT. You will thank me later.

On the Sixth Day of Christmas my true love said to me, let’s grab a cup of coffee.

Always be wary of using public Wi-Fi at coffee shops and the like. As of late, everything from coffee shops to airport terminals and public Wi-Fi systems at hotels has been targeted by hackers in order to gain access to unprotected systems. There was even a report of a number of hotels in Japan that were infected with an insidious malware subroutine that was designed to target specific high-value executives in order to aid and abet corporate espionage. Personally, I never connect to public Wi-Fi. I use my cellphone to launch a Wi-Fi hotspot. If you do insist on using public Wi-Fi, then you should have at least three layers of anti-virus and anti-malware to protect you from unwanted intrusion. Because your real wake-up call might not be that double mocha latte after all.

On the Seventh Day of Christmas my true love said to me, let’s get some money.

Here’s the rub: it isn’t just your personal electronics that can be hacked. So can everything from ATMs to gas pumps. Cyber-criminals use credit card skimmers that are designed to grab your credit card information or your PIN. Thieves have also been known to install their own cameras in order to record your PIN as you enter it in public kiosks. So make sure you cover the keypad with your hand before entering any PIN.

On the Eighth Day of Christmas my true love said to me, I got a call from somebody.

Thieves are also known to use the phone to impersonate a lender, credit card company, or even the IRS to try to pressure you into divulging personal information. While breaches of major retailers involving tens of millions of stolen cards have taken place and will continue to take place, when in doubt you should call the number of the bank or the one on the back of your credit card to make absolutely sure you are not being conned.

On the Ninth Day of Christmas my true love said to me, our package is in jeopardy.

Be aware: The U.S. Postal Service, UPS, Fedex and other legitimate shipping companies will not send you an e-mail if a package is hung up in transit.  But cyber-thieves will send you an e-mail that links to a clone of the shipper’s site in order to fleece you.  Again, when in doubt call the company directly.  Do not click on a poisoned link.  And never, EVER divulge personal or financial information unless you know to whom you are speaking.

On the 10th Day of Christmas my true love said to me, have you ever been to Bimini?

Travel deals that offer to Save You Big Money on last-minute trips also pop up at this time of year.  While there are a number of legitimate travel purveyors that specialize in last-minute trips, they will not solicit you via spam email.  You are required to opt-in and register with them.  The last thing you want to do is schedule a trip that takes you nowhere but to the cleaners.  Travelers Beware.

On the 11th Day of Christmas my true love said to me, look at the card we got from Sonny.

Digital e-cards are always welcome, unless they are not from the person you thought they were.  While you might be thinking season’s greetings, cyber-thieves are into season’s greedings by hoping to get you to click on a fake link that instead of bringing a twinkle to your eye will instead give you a case of merry Malware.  Again, never click on a link unless you are sure that it is from a legitimate e-card company like  (Also make sure you mouseover the link in order to detect if the URL on the card or email is the one you are going to be taken to.  If you mouseover the link and the URL that is displayed at the bottom of your browser does not match up with the link on the email, don’t go there or you will soon have a case of the Ho-ho-holiday blues.)
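The mouseover check above, together with the "subtle spelling difference" warning from the First Day, can be automated over the HTML of a message. The sketch below is an added example, not code from the original article; the host names in `KNOWN_HOSTS`, the sample message, and the edit-distance threshold of 2 are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

KNOWN_HOSTS = {"shipper.example", "cards.example"}  # constructed; sites the reader uses

def site_of(text):  # last two host labels; naive, ignores suffixes like co.uk
    url = text.strip()
    host = (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):  # Levenshtein distance between two strings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):  # returns [(href, reason)] for links that look wrong
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, shown in parser.links:
        site = site_of(href)
        # Visible text that is itself an address must name the real destination.
        if "." in shown and " " not in shown and site_of(shown) != site:
            findings.append((href, "mismatch"))
        # A destination one or two characters away from a known site is a knockoff.
        if site not in KNOWN_HOSTS and any(edit_distance(site, k) <= 2 for k in KNOWN_HOSTS):
            findings.append((href, "lookalike"))
    return findings

SAMPLE_EMAIL = (  # constructed message, not a real one
    '<a href="http://shiper.example/track?id=1">www.shipper.example/track</a>'
    '<a href="https://cards.example/view/42">View your e-card</a>'
    '<a href="http://203.0.113.9/card">www.cards.example/view/42</a>')
```

Calling `check_links(SAMPLE_EMAIL)` flags the first link twice (the text and the destination differ, and the destination is a near-miss spelling of a known site) and the third link once, while the genuine e-card link passes.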

On the 12th Day of Christmas my true love said to me, let’s try this free app honey.

There’s no such thing as a free lunch, as the saying goes. And when it comes to free apps, user beware.  Many of them are designed by and for cyber-thieves.  Like a vampire, these denizens of the dark hope to get invited into your private space so they can put the byte on you.  Before loading any app you need to check them out in advance.  Google their reviews and use protected sites such as Google Play, or iTunes or since these sites vet their apps to make sure they aren’t carrying any unwanted presents.


Carl Weiss has been working the web to win since 1995 and has helped hundreds of companies increase their online results. He is president of W Squared Media and co-host of the weekly radio show Working the Web to Win which airs Tuesdays at 4pm Eastern on Click here to get his latest book "Working The Web to Win: When it comes to online marketing, you can't win, if you don't know how to play the game!".