Don’t Let Cybercrime Turn Your Happy Holiday Into A Humbug

Intelice Solutions' final webinar of the year was also the final installment in our 3-part series on cyber security. Hosted once again by Brian Loughlin, this webinar focused on how to stay safe online this December.r>

Intelice Solutions’ final webinar of the year was also the final installment in our 3-part series on cyber security. Hosted once again by Brian Loughlin, this webinar focused on how to stay safe online this December.

With the holidays fast approaching, cybercriminals are just as busy as the rest of us are. However, while we’re busy buying gifts, they’re hard at work trying to steal your identity and your money. There are several tactics hackers and scammers rely on to achieve their goals, which we’ve broken down into four main areas of concern for consumers.

Online Shopping Scams

As with most things in life, if an online deal looks too good to be true, it probably is. Scammers are looking to defraud consumers by offering deals that sound incredible, but in reality are just a means of getting past your defenses. This can be accomplished through phishing or a number of other tactics, with the goal of tricking users into handing over personal information. These scams sometimes offer brand name products at extreme discounts, promise gift cards as an incentive to buy a certain item, or by advertising a specific item online only to have the purchaser receive an item that doesn’t match the description of what they paid for.

As easy and convenient as it is to do all of your holiday shopping online, you need to be savvy and diligent to avoid falling victim to one of these scams. Imposter websites are another popular method used by cybercriminals. Using ads for either the site itself, or a product you might have searched for on that site, scammers trick users into clicking on these ads and then prompt them to login. The login page may look authentic, but a quick glance at the URL could tell a very different story. If you put in your username and password, the hacker now has access to your account and the information it contains. If you use that same username and password for other sites, the hacker can access those as well.

Prevention Tips

  • Avoid clicking on ads or links, and navigate to the site directly
  • Watch for spelling and grammar mistakes in ads, and on the site itself
  • Confirm any URLs or links before you click
  • Verify that the lock icon that means a website is secure is present in the address bar
  • Check each seller’s rating and feedback before making a purchase, along with the date the feedback was posted to ensure its legitimate
  • Use a credit card instead of a debit card, as your credit card offers more fraud protection

Social Media

Scammers will build fake Facebook or Twitter accounts for well-known companies in an attempt to gain a following, gather personal details from unsuspecting users, and trick users into clicking on links that could make their identities vulnerable. Always check for verification from the social media vendor, as well as watching for signs of fraud like those listed above.

When downloading new apps to your smart phone or tablet, always go through the main store associated with your device. Downloading apps through ads, links, or third party sites can often lead to you installing an app that is not what it claims to be. An app for a free game could be hiding malicious code that is designed to steal your personal information directly, or advertise things like free gift cards or special deals to get users to give up sensitive information.

Apps that are published to legitimate stores such as the Apple Store are carefully vetted before being released to the public, but sometimes a bad apple makes it through. Take a moment to look at the publisher information before purchasing an app to ensure that nothing is amiss.

Prevention Tips

  • Check for verification from the app store/vendor
  • Review comments and ratings
  • Make sure contact information is provided for the app designer
  • Check permissions to see what information the app asking for access to
  • Look for spelling and grammar mistakes in the description and details

Phishing, Smishing, and Vishing

Phishing is a well-known term for scams that target users in an attempt to trick or persuade them into giving up personal information. Because the methods used by these scammers have gotten so vast, we’ve had to come up with new names to better identify each style of scam. Phishing generally refers to email-based scams. Smishing  (SMS, or texting + phishing) are text messaging-based scams. Vishing (Voice + phishing) are phone-based scams.

Regardless of the name or tactic, these scams follow the same basic format:

  1. Criminals set up an automated dialing system to email, text, or call people in a specific region or area code (or sometimes use stolen numbers from banks or credit unions)
  2. Targets receive a message that says something like “There’s a problem with your account” or “Your card needs to be reactivated”
  3. Victims are directed to a phone number or website asking for personal information
  4. Scammers use that information to steal from victims’ bank accounts, charge purchases to their credit card, create a phony ATM card etc.

If the victim logs in to the phony site from their mobile device, they could also end up downloading malicious software that gives the hacker access to their device, and any data store on it.

Prevention Tips

  • Do not respond to unsolicited emails, calls, or texts
  • Avoid providing any information, or filling out forms in email messages that ask for personal information
  • Verify sources, numbers, email addresses, URLs etc. before acting on any of these messages
  • Contact your bank or service provider directly if you have any doubts
  • Don’t click on links – go directly to the website mentioned in the unsolicited email

Teeny, Tiny Charges

Identity theft is not always blatantly obvious. A recent example of this was an organization that instead of making large purchases, made a series of very small charges – anywhere from $.20 – $10 – from a company with an innocuous sound name, complete with a toll free number the victim could call to verify the charge. A single small charge to numerous victims netted them an estimated $10 million.

This is also a common tactic hackers use to “test the water”. A charge of a few dollars here and there to see if they can get away with it. Once they know the card they have is linked to a real account, and they have the right information to make purchases successfully, the big charges can start to appear.

Prevention Tips

  • Scrutinize every charge on your monthly credit card statement
  • Question any charges you don’t recognize
  • Notify your card company ASAP – do not let more than 60 days pass
    • By law, the card company must remove the disputed amount from your account while they investigate
  • Use credit cards instead of debit cards when shopping online

Finally, always use strong passwords to protect your account information. Keep your antivirus software up to date, and enable two-step verification wherever possible to make it harder for cybercriminals to access your accounts. Ignore any emails, text messages, or phone calls that strike you as untrustworthy, and monitor your credit card and bank account statements carefully.

Take every precaution you can to protect yourself, especially during the holiday season. Don’t allow your holiday cheer to be dampened by a cyber scam.

For more information about how you can protect yourself against cyber crime, or resources to help you identify these threats, contact us at Info@Intelice.com or (301) 664-6800. We’re the IT professionals businesses in Washington trust.