The ’12 scams of Christmas’ revealed

Cybercriminals take advantage of consumers shopping on their tablets, smartphones and PCs over the Christmas period, and leverage scams to steal personal information, earn fast cash, and spread malicious software, according to security vendor McAfee.

This year, Black Friday and Cyber Monday present a huge opportunity for cybercriminals looking to take advantage of consumers with clever festive-themed scams.

Online retail revenues from the Christmas shopping rush this year are expected to reach a whopping £10.8 billion (IMRG), driven in part by the rise in m-commerce – 12.4% of total European online sales at Christmas will come via mobile, an increase of almost 70% year-on-year.

This period last year, McAfee recorded mobile threats for Android over the 900,000 mark in the lead up to Christmas, before dropping by nearly 50% to under 500,000 in the first few months of the year.

This trend is set to continue this Christmas with the amount of mobile-specific threats likely to peak to even higher numbers. In addition the first week of December sees cybercriminals open ‘the spam floodgates’ luring online shoppers with promises of amazing deals, false delivery notifications, personalised season’s greetings cards, and credit card offers.

McAfee’s 12 Scams of Christmas 2013:

1. Not-So-Merry Mobile Apps

Official-looking software for Christmas shopping, including those that feature celebrity or company endorsements, could be malicious, designed to steal or send out your personal data. A recent report from McAfee identified a new family of mobile malware that allows a cybercriminal to get around the digital signature required to validate apps on Android devices.

2. Holiday Mobile SMS Scams

A widespread piece of malicious code known as FakeInstaller, tricks Android users into thinking it is a legitimate installer for an application and then quickly takes advantage of the unrestricted access to smartphones, sending SMS messages to premium rate numbers without the user’s consent. No doubt Android handsets will be popular this Christmas, so consumers should ensure their gift also comes with appropriate security software.

3. Hot Holiday Gift Scams

Advertisements that offer deals on must-have items, such as these Playstation 4 and Xbox scams on Facebook, might be too good to be true. Clever crooks will post dangerous links and phony contests on social media sites to entice viewers to reveal personal information or download malware onto their devices.

4. Seasonal Travel Scams

Phony travel deal links and notifications are common, as are hackers waiting to steal your identity upon arrival. Around 1,000 holiday scams took place in Britain last year, costing holidaymakers more than £1.5million, according to the National Fraud Intelligence Bureau (NFIB).

5. Dangerous E-Seasons Greetings

Legitimate-looking e-cards wishing friends “Season’s Greetings” can cause unsuspecting users to download “Merry Malware” such as a Trojan or other virus after clicking a link or opening an attachment.

6. Deceptive Online Games

Before your kids are glued to their newly downloaded games, be wary of the games’ sources. Many sites offering full-version downloads of Grand Theft Auto, for example, are often fake and laden with malware, and integrated social media pages can expose gamers, too.

7. Shipping Notifications Shams

Phony shipping notifications can appear to be from a mailing service alerting you to an update on your shipment, when in reality, they are scams carrying malware and other harmful software designed to infect your computer or device. With an estimated 20,000 click-and-collect points across the UK this Christmas and increasingly flexible delivery options, consumers should be on guard against cyber crooks capitalising on delivery notification.

8. Bogus Gift Cards

An easy go-to gift for the holidays, gift cards can be promoted via deceptive ads, especially on Facebook, Twitter, or other social sites, that claim to offer exclusive deals on gift cards or packages of cards and can lead consumers to purchase phony ones online.

9. Holiday SMiShing

During the holidays, SMiShing is commonly seen in gift card messages, where scammers pose as banks or credit card companies asking you to confirm information for “security purposes”.

10. Fake Charities

Donating to charities is common this time of year for many looking to help the less fortunate. However, cybercriminals capitalise on this generosity, especially during natural disaster events, and set up fake charity sites and pocket the donations – for example, this email scam made the fraudster behind it £214k.

11. Romance Scams

With more than 9 million Britons now using a number of dating sites, it can be difficult to know exactly who the person is behind the screen. Many messages sent from an online friend can include phishing scams, where the person accesses your personal information such as usernames, passwords, and credit card details.

12. Phony E-Tailers

The convenience of online shopping does not go unnoticed by cyber scrooges. With so many people planning to shop online, scammers set up phony e-commerce sites to steal your money and personal data. In October this year, it was revealed that one in every five consumers looking for a bargain online were getting duped by phony retail sites.

5 tips for a scam-free festive season

1. Review mobile apps carefully before downloading.

2. Be aware! If an offer seems too good to be true, it probably is. Purchase directly from the official retailer rather than from third parties online.

3. Ensure that you’re doing your research before sharing personal details with an organisation you’re not familiar with. Banking and credit card companies should never ask you for personal information via text message.

4. Before traveling, make sure that all of your software is up-to-date and run a virus scan.

5. If you’re asked for a username and password after clicking a link, try using a fake input on the first login attempt. The extra few seconds it takes to load confirms that the page is actually looking for valid username/password combinations; scam sites will let you right in.

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Data Breach