With brands like Target and Home Depot suffering major data breaches, many security eyes are on retailers as we enter the holiday shopping season. McAfee just announced its annual “12 Scams of the Holidays” to help shoppers do everything they can to avoid cyber-scrooge scams on digital devices, social media platforms and beyond.
Consider the statistics: Holiday shopping sales are expected to hit about $616.9 million this year, according to the National Retail Federation. At the same time, e-commerce sales are predicted to rise between 8 percent and 11 percent in 2014 to reach over $105 million, with 56 percent of smartphone owners planning to shop on their devices, cording to Internet Retailer. On top of all that, 80 percent of U.S. households with Web access are conducting online banking transactions.
“As consumers shop, bank and share more while on the go, they open themselves up to threats from criminals who want to steal their personal information,” said Gary Davis, Chief Consumer Security Evangelist at McAfee. “Understanding what to watch out for and how to properly secure their devices gives consumers additional information to protect their digital lives.”
Three Thorny Scams
Let’s look at the scams one by one:
1. You’ve Got Mail: As holiday sales continue to migrate online, McAfee warns that the risk for shipping notification and phishing scams is rising. Of course, malware is a constant risk but consumers are more likely to click on shopping notification or phishing e-mails during the holiday season because they think they're legitimate.
“After a year of high profile breaches consumers have been asked continually to change their password, and protecting access to their accounts should remain a priority -- they should also be considering the use of a password manager,” Trey Ford, a Global Security Strategist at security data analytics, and risk management company Rapid 7, told us.
2. Deceptive Advertising: McAfee notes that shoppers are searching for “steals and deals” during the holidays and warned consumers to beware of dangerous links, phony contests on social media, and fake gift cards.
3. Chilling Charities: McAfee warns about fake charities that could pitch you via e-mail or through social networks.
“Consumers should also be reminded that e-mail addresses were part of the data we’ve seen stolen in these high-profile breaches,” Ford. “Given this, phishing e-mails are even more likely and I’d be extra wary of clicking links on any unexpected e-mails or advertisements. This goes for e-mails about holiday deals, giveaways, promotions charities or any other unsolicited notifications.”
Do Your Part
4. Buyer Beware: You can’t always avoid scams. Point of sale malware is out of your control, so McAfee suggests checking your credit card statements vigilantly and staying on top of breaking news to be aware and prepared.
“By now, we all understand that the checkout counter or point-of-sale terminal is software installed on a computer-powered cash register,” said Ford. “Knowing that there is a possibility that the computer isn’t safe, use your credit card, not your ATM card. To make life even easier, if possible, use the same credit card for all your holiday shopping. This will make it easier to check your balance each month for anything suspicious while limiting the potential for more than one credit card being compromised.”
5. iScams: McAfee also warns that even the most official-looking or festive apps could be malicious and access your personal information.
“This is smart, and increasingly important to call out,” Ford said. “I would avoid installing apps for events, shopping programs or anything ‘temporary.’ These applications have access to all kinds of things in your phone, and you have no real idea what they are doing with that data.”
6. Getting Carded: McAfee also warns about digital e-cards, which can contain malware. If you open one be sure it’s from a well-known card company.
7. Holiday Travel Scams: With travel on the rise during peak holiday times, McAfee said fake online travel deal links are bountiful, but there are also risks that exist once you arrive at your destination including spyware that can access your information through logging onto infected PCs onsite.
"With all the data breaches being discovered seemingly daily, consumers don't just have to avoid ‘scams’ they have to keep their data out of legitimate companies' hands as well, because these companies are getting scammed and hacked,” Rob Shavell, CEO of Abine, an online privacy company, told us. “Pay with cash or a gift card or a Masked Card from Blur when shopping online.”
8. Bank Robocall Scam: When holiday spending increases and consumers are aware of the abuses to their bank accounts and credit cards, McAfee said hackers use this as an opportunity. The firm cautions: “In most cases, consumers receive a fake phone call from one of these institutions from an automated (or not) ‘security agent’ stating that the user’s account has been compromised and requesting personal information including the account password, to make changes.”
Four More Warnings
9. ATM Skimming: Did you know criminals can access your information at ATMs by installing skimming devices to steal the data off your card’s magnetic strip and either use a video camera or keypad overlay to capture your PIN? McAfee offers a tip: look closely at your ATM for anything suspicious and cover the keypad when entering your PIN.
10. Year in Review Traps: According to McAfee, some news services capitalize on the holidays by developing “Year in Review” articles. Companies should warn their employees about the risks of clicking on these types of links from their work e-mails. That, is because links from phony sources could infect and compromise the security of company devices, McAfee said.
11. BYO . . . Device: With an increase in travel, activity (and bubbly) over the busy holiday season, people are more likely to forget their smartphones in public places. according to McAfee. That’s one way hackers can gain access to sensitive information. Be sure to password lock your phone or add some other layer of security.
“With all the breaches this year, consumers have been reminded how valuable their password is to their e-mail -- access to that account is used for password resets to all of their accounts,” Ford said. “Please make sure you have a passcode turned on for your phone, and get a good backup.”
12. Bad USB Blues: It’s possible you’ll see an increase in gift baskets from vendors that want to continue doing business with your company in the upcoming year. McAfee said the most popular items in these baskets include branded USBs and cautions companies to beware of allowing employees to use these, as undetectable malware is sometimes pre-installed on them.
Posted: 2014-11-13 @ 1:15pm PT
@Dave: Your staff may be more savvy than many other people who unfortunately fall for these types of scams all the time.
Posted: 2014-11-13 @ 1:12pm PT
While I have shared these with some of our staff, I find it redundant and ineffective... I don't think this was done more by a marketing department than anyone who's generally concerned with Infosec.