The holiday season is officially here and businesses across the globe are making the necessary preparations to gear up for the high customer demands. While making a list and checking it twice is top of mind for shoppers, cybercriminals too are checking their list, creating scams and malware to fool unsuspecting customers to hand over their personal information. As a business owner it is important to understand the threats shoppers face to better protect your company and customer data.
It is anticipated that the 2013 holiday shopping season will produce roughly $602.1 billion in revenue during November and December. Businesses and customers alike want a happy holiday season, so McAfee put together a list of top scams to lookout for to help you keep that holly-jolly spirit through the New Year.
Not-So-Merry Mobile Apps
Phones and devices are being used more and more this holiday season thanks to a handful of apps that make holiday shopping and planning easier for all. Official-looking apps, even with company or celebrity endorsements, can actually be malicious. McAfee found 26 percent of apps are likely to be more than just adware. Some of this malware actually redirects incoming calls and messages, stealing and sending out personal information from unsuspecting users.
With business owners implementing BYOD policies, it is important to stress the need for employees to avoid little known applications and only download those with established reputations and multiple reviews—anything downloaded on mobile devices should be from a trusted source. Employees need to check the comments section in the iTunes store or Google play store for reviews and confirm those parties involved in creating apps are legitimate.
Holiday Mobile SMS Scams
Mobile SMS scams increase around this time of year. For example, FakeInstaller tricks Android users into downloading what appears to be a legitimate app and then quickly takes control of the smartphone, sending SMS messages to premium rate numbers without the user’s knowledge.
In the McAfee Q3 Threats Report, the Android malware zoo grew by nearly 700,000 samples to a total of 2.8 million. More than 60 percent of these samples are FakeInstallers. A good rule of thumb is to avoid downloading anything that looks suspicious, from a suspicious source. Be vigilant in upgrading your anti-malware and Android operating system, and you’ll dramatically decrease your chances of downloading a fake installer. No one wants the gift of an expensive phone bill during the Holiday Season.
Hot Holiday Gift Scams
Remember the old adage, if a deal looks too good to be true, it probably is! Online criminals are publishing dangerous links, creating fake contests on Twitter and Facebook and sending phishing emails to entice customers looking for a good deal to reveal their personal data.
If you’re shopping online, be mindful of deals that look attractive to your wallet. Compare prices with the brand’s corporate website or another reputable retail site. Also, check the About Us and Return policy on a given website. If there are any errors, or the website simply doesn’t have that information available, it most likely isn’t a safe site.
Shipping Notification Shams
Phony shipping notifications are increasingly in popular during the Holiday online shopping season. Last holiday season Amazon sold 26.5 million items worldwide across all product categories. These sales generated a dramatic number of shipping notifications. Victims of this scam received messages from what appeared to be a mailing service, asking them to update their information for an upcoming shipment. However, these scams are actually carrying malware and other harmful software that can infect computers and phones alike.
As business owners receive shipping notification alerts, it is important to check the domain name before clicking on the link. If you did not place an order or don’t recognize the site sending you the alert, don’t click on the link and check for a customer service number to call. If you’re not careful, you could accidentally download malware such as Cryptolocker—resulting in your files being encrypted until you pay a ransom of $300 to $5,000 dollars!
Bogus Gift Cards
Gift cards are more popular than ever, according to the BBB, retailers estimate gift-card shopping will hit an all-time high—80 percent of shoppers are expected to buy at least one this holiday season, and this is attracting online criminals. Despite the convenience of the gift card, some gift-givers find they have fallen victim to online crime when purchasing gift cards online.
Many of these online offers take you to bogus websites that download malicious software onto your computer in the background or ask you to type in your personal information to get the deal. Others entice you to type in your gift card number to check or increase your balance so they can steal the information for later use.
With gift card sales estimated to total $24.81 billion this holiday season (up from $18.48 billion last year according to the NRF), it is not surprising that these goodies are targeted by criminals. Just keep in mind, if the deal seems too good to be true, it probably is! Often times it is better to go to the retail store and purchase the gift card on location to ensure that your investment is a legitimate gift for your loved ones. If you must purchase online, check the store’s ratings from other shoppers to ensure you are buying from a reputable store. Advise your employees to avoid clicking on links disguised as a gift card offers and to NEVER give out personal information online.
Combine SMS test messages and phishing and you get SMiShing—an identity theft scheme that involves text messages containing links to a fraudulent websites or phone numbers in an attempt to get you to divulge personal information. According to Whitepages.com, SMiShing messages carrying malware links, has increased by 400% since the summer of 2010.
Cybercriminals posing as retail stores, banks or credit card companies send alarming text messages to users, advising them that their card has been “deactivated” and they must confirm or verify personal information, such as their PIN, to reactivate it.
Studies show that 90 percent of all text messages are opened within three minutes. Don’t be fooled by that false sense of security. Slow down and think—banks and credit card companies will never ask you to confirm personal information via text.
During the holiday season it is easy to get caught up in the many frantic activities of the holidays. McAfee reminds businesses and shoppers to be on the lookout for popular Holidays Scams and ensure they are using comprehensive security software that is up-to-date. McAfee SMB solutions provide business owners with the security they need, giving them a truly silent night—365 days of the year.
Published: December 19, 2013