2018 Holiday Scams: Tips for Staying Secure Online

Dec. 19, 2018 | by BioCatch

The holiday season is the most wonderful time of year for cybercriminals. This year, holiday season cyberattacks are on pace to increase by nearly 60%. And though Black Friday and Cyber Monday are behind us, consumers and businesses need to remain alert. In 2017, the highest spike in fraud took place after Christmas, as cyber criminals continued to target shoppers pursuing post-holiday deals.

We take a look at what tactics fraudsters are leaning on to execute holiday scams as well as holiday fraud prevention tips.

4 Holiday Scams to Look Out For

As online shopping skyrockets, cybercriminals capitalize on the influx to hit shoppers with well-laid holiday scams. Consumers aren’t the only ones at risk. Businesses are particularly vulnerable to a cyberattack amid the holiday rush.

1. Phishing attacks

Tried-and-true phishing attacks get a makeover for the holiday season. With phishing, a type of social engineering, cybercriminals send out fraudulent emails disguised as legitimate communications and trick users into clicking bad links. Those links either download malware onto a user’s device or request the user to enter information, like a credit card number, that hackers then steal.

The most common holiday phishing attacks include fake shipping notices, e-gift card offers, and banking-related attacks. Inboxes are busy this time of year, so it’s easy to quickly click through an email without paying close attention to the details. If you see odd payment requests or tracking notifications for an item you don’t remember purchasing, be on alert.

2. Malvertising

Malvertising, short for malicious advertising, is an attack method criminals use to embed malware in online ads. The fake ads, once clicked, redirect to landing pages or websites built to mimic legitimate sites. Once again, criminals know the holidays are a huge time for online shopping. More shoppers means more potential clicks and is the cause of the overwhelming success of malvertising.

How can you avoid malvertising? Keep in mind that an offer that looks too good to be true probably is. If you have any suspicions, visit a trusted retailer’s website directly to make a purchase and before entering any personal information. When you do click an online ad, check the URL of the page you are redirected to to make sure it’s that of a legitimate site.

3. Fake apps and websites

Fraudsters prep for the holidays by developing apps and websites that look just like the most popular websites out there. Think how easy it is to type in “amason.com” instead of “amazon.com” into your browser. If you search the former, chances are cybercriminals have set up a dummy site meant to fool shoppers who don’t realize they are browsing and making purchases on a fraudulent website.

Fraudulent apps are also a significant problem. Before downloading an app, double check that it is coming from a trusted brand, how many times it has been downloaded, and any reviews. Finally, always download apps from the official app store. Scammers are known to send text messages and emails tricking people into downloading fraudulent apps.

4. Holiday scams targeting businesses

During the holidays, companies are at their most busy at the same time that they are understaffed, with employees out on vacation. The huge volume of transactions makes it easier for fraud to slip past undetected. And with fewer employees around, reaction time for detecting fraudulent activity is much slower.

Cybercriminals know businesses are overworked and more susceptible to vishing, phishing, and malware attacks during the holidays. Remind customer service and staff to stay alert for fraud attempts and tighten up network security to prevent a cyber attack.

Both companies and consumers have a lot on their minds during the holidays, but we hope these holiday fraud prevention tips will raise awareness and help you stay vigilant against fraud.

Learn more about detecting malware and social engineering attacks in real-time in our white paper: From Login to Logout: Continuous Authentication with Behavioral Biometrics

Topics: Fraud