boiMAG.com - Holiday Scams
The usual scams have only been amplified by a massive turn to online shopping due to the pandemic. All these things have driven more people than ever to shop online, buy online, and that presents an opportunity for attackers and bad guys.
Supply chain interruptions have only widened the peak fraud time window for many attackers, who are keeping up with consumers who have started shopping earlier. In addition to starting early, many parents are in a desperate position in 2021... Will the toy their child wants even be available?
In terms of specific threats this year, two stand out. Card not present fraud, and non-delivery scams. Card not present fraud takes advantage of situations where a transaction can be run without possession of a physical card, while non-delivery scams are probably common to anyone who has an email address. They’re those phishy-looking emails you get from “FedEx” about a package you weren’t expecting being undeliverable.
There’s a common thread between those two common frauds. They’re variations on phishing themes, as are fake websites offering hard-to-find toys and gifts. Some of the most unsophisticated, yet elegant, hacks have been perpetrated using social engineering.
Pair that with over five billion sets of credentials and stolen bits of personally identifiable information available on the Dark Web and you have a serious risk for individuals and businesses alike that only gets worse during a time of year where people are spending money with their guards down.
It’s going to be a rough year, especially with potential product shortages and shipping delays. It’s easy in this sort of situation to get complacent and not thoroughly check the legitimacy of online stores and offers, but there’s no more important time to be diligent than now.
Be sure all your devices are up to date, especially IoT devices on your home or business network that could be used as part of a botnet or otherwise compromised.
Be wary of unsolicited text messages or emails saying you have a delayed package or that they have a special offer. Those sorts of messages are almost always scams.
Instead of clicking on a link in a message or email, go directly to the website the sender purports to be from, or call the business directly to ensure you’re speaking to the right people
Customer service agents should never ask for personally identifiable information. If someone does, don’t give it out and ideally hang up the phone or close the chat window.
Use a digital wallet instead of inputting your bank or credit card info directly on a website, even a trusted one. PayPal, Privacy.com, and other products provide such services and are trustworthy and safe to use.
Engage the services of a credit monitoring agency for the holidays, or keep an eye on your credit history and bank statements yourself to be sure nothing seems amiss.
iPhones have a built-in service (which is also available from third-party apps) that will notify you when a set of your credentials is exposed on the Dark Web. Use one of those apps, or your phone’s built-in service, and don’t ignore a popup on your device that informs you that you’ve been compromised. Instead, take action by changing the password on that account and any that have the same combination of username and password.
Lastly, this holiday season especially merits a sense of caution. Be aware of tactics used by shady retailers or deals that look like they’re too good to be true. It’s probably some kind of scam and you’re just going to spend more time being frustrated and trying to untangle the mess of a stolen identity.”