Beware of Holiday Scams



'Tis the season for cybercriminals!

Research from last year revealed that organizations saw a twenty percent increase in attempted cyberattacks between November and December, with the majority of attacks beginning right around the Thanksgiving holiday. During the Black Friday/Cyber Monday online shopping frenzy, hackers use the increase in activity to take advantage of unsuspecting shoppers. They impersonate common e-commerce sites and send phishing e-mails with fake deals, massive discounts, and offers for free gift cards. The e-mails look legitimate and entice recipients to click on infected web links or open attachments ridden with malware. The messages try to create a sense of urgency by telling consumers that the deal ends soon, or that only a limited number are available, motivating users to take quick action without much investigation. Sadly, per this recent Krebs on Security article “Phishers are upping their game. So should you,” gone are the days of easily identifiable misspelled words, grammatical errors, and unencrypted website prefixes.

Hackers are registering fake domains that use popular brand names with a few extra letters or words added, or with a slightly modified spelling. Examples include Amazonsecure-shop, Target-officialsite, and Walmartkt. PayPal is also a commonly targeted brand for holiday scams. Criminals create copies of the different retailer websites and convince consumers to register or log in to what they think is their actual Amazon or Target account. Once consumers type in their information, the hackers have their account credentials and can log in to the real retail sites to gather personal information and payment card details, and to review shopping history or other information that might be valuable for future social engineering attacks.

Other common tactics include false shipping notifications that deliver attachments infected with malware, as well as phony messages and posts on social networking sites that request funding or support for fraudulent causes. E-greeting cards from unknown senders can also trap users into clicking to see what they think is a personal message.

Here are some tips for you and your families as you finish your holiday shopping:

  1. Verify that the sender's e-mail address is the company’s legitimate e-mail address by comparing its domain (the part after the @) to the domain of the company's website.
  2. Carefully review any special deals or discounted offers you receive in your inbox. Rather than opening the email, go directly to the intended website and verify the deal exists.
  3. Avoid clicking on unsolicited links or downloading attachments from unknown sources. Hovering over the links in the email will display the associated URL and allow you to ensure you will be directed to the appropriate site before clicking on it.
  4. Do not assume that a site is safe just because it uses HTTPS and you see the green lock in the address bar. The green lock only confirms that the traffic between your browser and that website is being encrypted; it does not mean the site is legitimate or safe.
  5. If you have the option to use a credit card instead of a debit card, the credit card is the better choice when shopping online. Your debit card pulls funds directly from your checking account so if someone were to obtain your card number to make fraudulent purchases, your account could be drained. It can also be difficult to get that money back in a timely manner. With a credit card, your liability is limited and the card brands have better resources for tracking and apprehending the criminals than you do.
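The sender check in tip 1 and the fake-domain patterns described earlier (a brand name with extra letters or words, or a slightly modified spelling) can also be screened for automatically, for example in a mail-filtering rule. The following Python sketch is an added example, not part of the original article; the `BRANDS` allow-list, the function names and the sample addresses are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Assumed allow-list (constructed for illustration): brand -> real sending domains.
BRANDS = {
    "amazon": {"amazon.com"},
    "target": {"target.com"},
    "walmart": {"walmart.com"},
    "paypal": {"paypal.com"},
}

def edit_distance(a, b):
    """Levenshtein distance, used to catch slightly modified spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return (verdict, brand) for the value of a From: header."""
    _, at, domain = parseaddr(from_header)[1].rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return ("unparseable", None)
    for brand, legit in BRANDS.items():
        # Only the exact domain or a true subdomain of it counts as the brand.
        if any(domain == d or domain.endswith("." + d) for d in legit):
            return ("legitimate", brand)
    for brand in BRANDS:
        for label in domain.split(".")[:-1]:  # every label except the TLD
            if brand in label:  # brand name plus extra letters or words
                return ("lookalike", brand)
            # One-character change in a hyphen-separated word of the label.
            if any(len(t) >= 5 and edit_distance(t, brand) <= 1
                   for t in re.split(r"[-_]", label)):
                return ("lookalike", brand)
    return ("unknown", None)

# Constructed samples: the article's three names under the reserved .example TLD.
SAMPLES = [
    "Amazon Deals <deals@amazonsecure-shop.example>",
    "orders@target-officialsite.example",
    "promo@walmartkt.example",
    "Amazon <ship-confirm@marketplace.amazon.com>",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify_sender(s), s)
```

The substring match is deliberately broad and will also flag unrelated domains that happen to contain a brand word, so a "lookalike" verdict is best treated as a prompt for review rather than proof of fraud.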

As an organization, it is important that you share these tips with your staff. Many employees (about 53% of them according to CareerBuilder’s annual Cyber Monday survey!) are shopping online while at work, so an employee shopping on a network-connected device could be putting the rest of your organization at risk.

Please contact us if you have questions about how to improve your overall security awareness efforts and help your employees avoid falling victim to potential holiday scams.

Some additional guidance from our Customer Relationship team below:

[Seguy]: Holiday shopping years ago meant having to protect your purse or wallet from potential thieves at the crowded shopping malls. Today, you still need to protect your wallet – only now it’s your virtual wallet as you go shopping online. The good news is that the same basic rules apply: keep your wits about you, don’t assume every deal offered in big letters is all that you will be getting, and pay attention to the details. And although your CampusGuard Team spend most of their time advising you how to protect your payment card data, if something goes wrong and you do end up having your personal card data stolen, it is far better to have that be your credit card than your debit card. There may be plenty of Grinches trolling the internet but you can avoid them by following a few simple steps.


About the Author
Katie Johnson


Manager, Operations Support

As the manager of Operations Support, Katie leads the team responsible for supporting and delivering CampusGuard services including online training, vulnerability scanning, and the CampusGuard Central® portal. With over 15 years of experience in information security awareness training, Katie is also the Product Lead for CampusGuard’s online training services. As a Senior Customer Relationship Manager for a limited number of customers, Katie assists organizations with their information security and compliance programs and is responsible for coordinating the various teams involved.