Every year, we flock toward specials, hoping to get a rock-bottom deal on the latest must-have gifts or gear for ourselves. The bad guys know this. They take advantage of the hectic time of year, knowing that we will do whatever we can to save a few bucks and get gifts before they are gone.
They prey on people’s emotions and the fact that many are so busy and stressed that they fall more easily for their scams. Attackers always leverage what works and the holidays are a great time to ramp up their tactics since people are typically distracted and more vulnerable. Let’s face it, no one wants their credit card declined when they have stood in line for five hours in the cold in hopes of getting that must-have gift. Here are a few things to keep in mind during this holiday season whether it's related to photography purchases or otherwise.
Sales Too Good to Be True
Everyone loves a good sale, right? But if it seems too good to be true... it probably is. In these scams, consumers receive emails, usually from retailers they’ve never heard of, promising phenomenal savings on popular gift items.
How it works: Consumers eager to snap up a bargain quickly (and many times without thinking) click on malicious links embedded in the email or visit malicious websites designed to steal their credentials, credit card information and more.
How to defend against it: Consumers should be counseled to only shop from known authentic merchants and to browse to websites directly (versus clicking links or attachments in email). Also, consumers should be wary of clicking on the top search results (i.e., in Google search) listing unfamiliar websites and merchants. The same holds true when consumers shop on a site and see an ad promising immense savings from an unfamiliar business. Attackers often set up lookalike sites (e.g., using something like www.target-com.com) to trick potential victims. Consumers should stick to tried-and-true methods of shopping and navigate to retailers’ sites directly. Additional tips for shopping safely online can be found on the US-CERT site.
Phishing
Phishing continues to be a top attacker tactic. Everyone uses email, and attackers know the key to success is tricking a victim into clicking a link or opening a malicious attachment (perhaps requesting to “enable macros” to view the content). Attackers are looking to obtain:
- Credentials: Usernames and passwords.
- Credit card information: Account numbers, expiration dates, etc.
- Personally identifiable information (PII): Social Security numbers, dates of birth, etc.
- Access to computers: They try to infect computers and gain the same access as legitimate users so they can steal data from the business. Everyone should remain vigilant throughout the year, but attackers do tend to use certain tactics more than others during the holidays and end of the year.
How to defend against it: Consumers should contact their bank or credit card company directly, using a known phone number and website. They should never click a link or attachment in an alarming email.
Shipping Confirmations or Item-Out-of-Stock Notifications
Consumers that successfully place an order with a well-known, familiar retailer can still be targeted by scammers via trick emails.
How it works: Scammers send consumers an email with either a shipping confirmation or a notification that the item they ordered is out of stock and no longer available. Generally, this contains a malicious link or attachment.
How to defend against it: For starters, consumers should be advised to slow down and consider whether the email address used on the confirmation or out-of-stock email is the same used to place the order. If they used a personal email address to place an order but received confirmation at a work email address, that should be a red flag. Consumers should be advised to browse to retailer sites directly to view their order history (and to never click a link, open an attachment or follow instructions to visit a random website).
The Best Advice: Be Aware and Slow Down
Attackers are very good at preying on their victims’ emotions. While phishing emails are the primary vector of choice today, and the tactics above are the most common examples, organizations should remind consumers that attackers are constantly innovating and coming up with creative ploys to convince their victims to click a link or open an attachment.
With all that being said, happy hunting this holiday season for the best sales!
[via IANS and The Inquisitr]
Excellent advice. A scammer recently tried to scam my wife by claiming that he was from our bank's fraud detection unit. Paula asked me "Did you order anything from the Apple Store?" I answered "Hell no!" Apparently, the "charge" was made in London. Paula toyed with him for a while saying that she was booting up her laptop to log into the system. The scammer didn't have any of the digits on the supposedly compromised account.
I thought this was going to be about the jerks who snap up all of the best deals (or regularly priced but rare inventory) and then turn around and sell them for a profit to the people who legitimately wanted them. Concert/sports tickets are the most well-known, but toys end up like that too. These people should be given the Salem Witch treatment.