IDENTITY THIEVES LOVE THE HOLIDAYS
The holiday season is an exciting time for consumers, and even more exciting for identity thieves. Criminals know that good cybersecurity practices are often put on the back burner when consumers are shopping for the perfect holiday gift.
Fraudsters rely on you to “click before you think” when browsing the abundance of online discounts and holiday sales. Without the proper preventative measures put in place, the holidays can leave you extremely vulnerable to various identity crimes and scams.
PRIMETIME FOR CYBERCRIME
It’s no secret that the holidays are prime time for cybercriminals. Research confirms what identity thieves already assume: The majority of Americans — up to 96% — are making online purchases. The Federal Trade Commission (FTC) found millennials are more at risk for online scams than seniors, so it’s important to educate young adults on safe online shopping habits before it’s too late.
Trends have historically shown spikes in cybercrime during the holiday months. During the 2020 holiday shopping season, 80% of online purchase scam victims report losing money. Experts project increased online sales of 7.6% this year and the strongest overall holiday sales in 20 years.
WHY WE KEEP FALLING FOR ONLINE SCAMS
Fraudsters have a plethora of methods to target consumers for their personal and financial data online, but consumers continue to fall victim to the traditional scams. Let’s explore how emails, malware, and spoofed websites can be used for a variety of holiday scams.
SPOOFED WEBSITES
Spoofed websites — also sometimes called phishing sites — are extremely common during the holiday season. In fact, the number of malicious shopping websites jumped 178% ahead of the November holidays. The numbers go on to increase during December’s online shopping month.
Criminals set up fake websites to steal your personal information. These sites will often replicate well-known companies like Target, Amazon or Walmart to further convince you of their legitimacy. In short, criminals hope that you trust the site enough to provide personally identifiable information (PII) like Social Security numbers, credit and debit card information, and other sensitive data.
You may visit a page that visually looks familiar, but spoofed websites will have URL links that do not align with a company’s official website. While some may be easy to spot, more sophisticated criminals can create URLs that closely mirror legitimate sites. Because of the fast-paced nature of holiday shopping, criminals hope you’re too fixated on that too-good-to-be-true deal than notice whether the site is real or not.
PHISHING AND SPAM EMAILS
Phishing emails go hand-in-hand with spoofed websites, also aiming to impersonate well-known companies that are familiar to you. The Federal Trade Commission notes that around the holiday season, spam emails containing requests for payment via gift card are especially common. Spam emails can also contain harmful software or malware be disguised as discount links or attachments within the email itself.
Check the validity of a link before clicking on it. Fraudsters will disguise malicious links with seemingly harmless, hyperlinked text. Hover your mouse over a link to verify it is going where you expect it to before you click.
What is Malware?
Malware can pose a major risk to the sensitive data you store and share on your devices. There are many types of malware that carry out a variety of functions. One type of malware referred to as a “Trojan” will disguise itself as a legitimate file like Word documents and images. This may even be sent to you without a file, making it impossible to know your device has been targeted.
A “virus,” on the other hand, works to infect the existing files to cause damage to your device. A third type of malware, known as “spyware,” can track your keystrokes and other user behaviors to capture sensitive information like login credentials, financial account numbers, and more.
HOLIDAY IDENTITY PROTECTION TIPS
It would be difficult to avoid the internet altogether during the holiday season — especially when gift shopping is much more convenient online. Use these tips to help secure your identity for the upcoming holiday season:
- Avoid downloading discount codes from emails and pop-ups. These promotional coupons are often used to break down your defenses and convince you to click or download malicious software to your device.
- Print out online receipts and store them in an email folder. Keep an eye on your financial accounts, bank statements, and credit activity, and report any suspicious activity as soon as possible.
- Be wary of deals on social media or search engines. Sophisticated cybercriminals can manipulate spoofed sites to show up in search engine results or social media ads.
- Double-check that deals are legitimate. Review the company’s official website to determine if coupons or promo discounts are real. If the deals don’t match, it’s more than likely a phishing or spam email.
- Never provide login, personal, or financial information on unsecured sites. Look for “https://” at the beginning of the web address and the lock icon next to it to ensure you’re visiting a secured site.
- Use anti-malware and anti-virus software. Be sure that security software is properly installed and updated regularly.