How to Avoid the Top Holiday Cyber Scams of 2021
This blog post is in partnership with LMG Security. With professional hackers and cybersecurity criminals posing a constant threat to law firms big and small, the reality is that your firm’s sensitive data will always be a target. The good news? This risk can be averted by a few simple and cost-effective security strategies which you’ll learn in this CLE Cybersecurity Academy presented in partnership with LMG Security.
This year, cybercriminals have upped their game, rolling out new phishing and fake website campaigns that target virtual holiday events and take advantage of record online shopping. These scams are growing in popularity, and you should expect to receive something similar this holiday season. How can you avoid hackers dampening your holiday cheer? Let’s look at the top swindles of the season and then we’ll share some tips on how to avoid these holiday headaches.
- Package delivery scams. In 2021, it is estimated that 1 billion people will shop online. This holiday season is forecasted to be another record year in which consumers flock to online shopping. A new survey found that more than 90% of consumers plan to shop online this holiday season – an increase of 13% over last year. More people are shopping online than ever before, and that means… record package deliveries! Unfortunately, cybercriminals target online shoppers by spamming unsuspecting consumers with fake package delivery emails.
How does this work? Cybercriminals text or email you about your upcoming package delivery. They may ask you to verify your address, update your preferences or even click a “tracking link” that actually sends you to a phishing site. Other scammers will email that they have discovered a package meant for you – and you need to contact them to confirm your details for delivery. There are also some frighteningly realistic USPS phishing emails, which come complete with logos, buttons and convincing scenarios. The stories vary: for example, criminals may claim that the delivery service could not deliver the package and the customer needs to click the link for a form or pay a small re-delivery fee. All of these scams end with a criminal installing malware onto your computer or stealing your personal and/or financial information.
How do you avoid these scams?
- Think before you click. Don’t click the tracking links in emails. It’s better to go to the company’s website directly to check your order status and use the tracking feature on their website.
- Always verify contact information before responding to an email or calling a number that is listed in an email, voicemail, or text – these can be fake and connect you directly to the criminals. If you need to speak to a shipping company, type in their website address directly or use a verified link from a search engine to get their web address or phone number.
- Learn how to spot a phishing email. There are several red flags that can tip you off that it could be a scam. Beware of spelling and grammar errors, emails that are marked urgent, unusual requests and more. Stop and think before you click—study the email carefully and always be suspicious. You can read this free tip sheet on How to Spot a Phishing Email for more information.
- Online purchase scams. How do you know a seller is legitimate? Cyber scammers set up fake e-commerce sites and seller profiles—especially during the holiday season. Their goal is to take your money and run—without the hassle of ever shipping a product. According to the Better Business Bureau, fake online purchase scams account for more than a third of the scam reports they receive. Furthermore, their data indicates that while over 400 different types of products were used in these scams in 2020, almost 35% were pet-related – so vet (pun intended) all suppliers, but be especially careful before purchasing presents for your furry, feathered or scaled companions.
Hackers are also spinning up fake web sites mimicking popular e-commerce sites in order to lure unsuspecting shoppers to enter their payment information or sensitive data. According to Check Point, the two most commonly spoofed sites are Microsoft and Amazon. These fake emails and websites can look very convincing and offer you special deals, subscriptions and more. When you enter your personal or payment information, you fall victim to the scammer, and your data and/or money is stolen.
How to prevent these scams:
- Verify the seller through third-party sites, ratings and more. Whether it appears to be an international e-commerce store like Amazon or a small eBay seller, verify links, sale and return policies, and seller reputation.
- For e-commerce sites, check for the secure lock icon on your browser and verify that the name of the web site registrant is what you expect. This is not always a silver bullet, but it can screen out many problematic sites.
- Social media scams and fake gift exchanges. Criminals are breaking into social media profiles and scamming users with everything from fake gift exchanges to donation requests from your friends to support them as they battle cancer. There have been more than 11,000 complaints of these types of scams reported to the Federal Trade Commission this year. In these scams, criminals will ask you to donate money or sign up online for a small $10 gift exchange. You can then end up sending money or gifts to the criminals, in addition to giving them your personal information. Beware of any requests from friends for money, gifts or even an offer of links to reset your password through social media messages.
You may also encounter fake ads in your social media feeds or in online marketplaces. Some scammers place ads offering a free trial of a product or service, asking you to support a charity, or simply advertise a great deal. Once you order, you may receive anything from a counterfeit item to nothing at all, except for the unwelcome gifts of recurring charges on your credit card and/or stolen information.
How to prevent these scams:
- If a gift exchange or donation request post appears in one of your contacts’ feeds, call your friend or relative directly to confirm if these stories and requests are legitimate.
- Use multifactor authentication and a password manager on all your accounts to reduce the risk of attackers getting access to your information.
- Always research companies and organizations before you buy or donate. Use third-party review sites, the Better Business Bureau, charity trackers and more. When in doubt, it’s better to pay slightly more and order from a reputable seller.
- Gift card scams. Gift card requests are a popular scam that can target you at home, as well as in the office. The FTC reports that criminals obtained over $305 million in fraudulent gains from gift card scams between 2017 and 2020. According to an AARP survey, 31% of adults admitted they or someone they knew was asked to pay a bill/fee or claim a prize by purchasing a gift card. You should never pay any personal bill or fee or send payments using gift cards – this is almost always a scam. At work, you should be wary of the traditional office gift card scam. In these scams, a criminal impersonates your CEO or another executive and sends emails or text messages to the office manager, executive assistant, or other staff, asking them to purchase gift cards. The cards are supposedly a “reward” for employees or a holiday surprise for the office—meaning that often, the victim is asked to keep the purchase secret. The victim sends the card details to the scammer, who steals them and cashes out.
How to prevent this scam:
- Ensure everyone in your office knows about common gift card scams and knows to verify requests for gift card purchases via phone before responding.
We hope you find these tips helpful, and we wish you a happy, healthy, and safe holiday season!
Authored by: LMG Security
At LMG, our singular focus is on providing outstanding cybersecurity consulting, technical testing, training, and incident response services. Our team of recognized cybersecurity experts have been covered on the Today Show and NBC News, as well as quoted in the New York Times, Wall Street Journal, and many other publications. In addition to online cybersecurity training, LMG Security provides world-class cybersecurity services to a diverse client base located around the United States and internationally.