This blog was written by Bruce Snell.
As a kid, I remember hearing about the horror stories of the insanity that comes with holiday shopping. I remember seeing people trampled first thing in the morning on Black Friday as they battled their way to the big-ticket items that were marked ridiculously low. It’s not just Black Friday either: malls, shopping centers and your local downtown all get jam-packed with shoppers out trying to find the best present for their friends and loved ones (and obligatory gifts for weird relatives and coworkers). Luckily my retail job growing up was in a local office supply chain in a small surf town in Northern California, but I heard horror stories of holiday shopping from my friends working in large retail chains.
Fast forward a few years and we saw a rise in online shopping. While there was still the madness of Black Friday retail raids at first light, more and more people started shopping online, saving people time, gas and sanity. Now, we have Cyber Monday as a follow-up to Black Friday, and a number of retail stores have deals that you can find on their website instead of hitting the stores. All should be right with the world, peace on earth and all that jazz, right? Well, as more shopping moves online, the criminals are not far behind.
Scams of the Holiday Season
“Like and share” – We’ve all had our Facebook feed littered with give-aways and contests posted by our friends and loved ones who fell for the “like and share” trap. Typically it’s a page offering a free or heavily discounted item to anyone who will click “Like” on their page and share it on their wall. I’d suggest you ask those friends how long it took before they received their free item. They’re still waiting? You may need to let your friend know that pair of free sunglasses is never going to show. These scams are a way for cybercriminals to collect information from you. By “Liking” their page, you’re giving them the appearance of being legitimate by adding to their apparent audience size. You’re also letting them have ad space on your Facebook wall that they can use to sell more advertisements. Another variation on this theme is to trick people into filling in their name and address. You’ll see more junk mail than you will prizes if you give them this information. If you provide your phone number, odds are you will see spam and phishing text messages before long.
Phishing – Phishing in multiple forms is always on the rise during the holidays. Phishing can show up as a text message on your phone or arrive through email, Facebook Messenger, Twitter or Instagram. Pretty much any account or platform you use to interact with people online can be targeted by cybercriminals. Phishing relies on sending a message that tricks you into clicking on a link. The links either download malware or send you to a malicious website that tries to trick you into giving away sensitive information. A common method is an email that pretends to be from your credit card company and asks you to verify your account information. It will typically lead to a website mocked up to look just like the credit card company’s site and ask for your account login information. This information is then collected by the cybercriminal for malicious use.
Counterfeit Apps – The Android app stores have always had an issue with malicious apps posing as apps for well-known websites and brands. Recently, hundreds of fake apps for retail and brand names were found on Apple’s App Store as well. These apps looked very similar to the legitimate apps and had names that could trick someone who was not paying attention into installing them on their phone. These apps would then act like a normal shopping app, but collect the user’s credit card information for other malicious use.
How Do I Stay Safe?
Be Skeptical – When you see posts on Facebook or other social media offering deals that are too good to be true, they probably are. Liking and sharing these sorts of “sweepstake” type pages does not increase your odds of winning a prize, unless of course that prize is being scammed and flooded with spam. Being skeptical will also help you avoid phishing. If you get a message from your bank telling you that you need to click on a link to keep your account active, don’t click on it. Type in the URL for the front page of your bank and use the standard login procedure. If there is trouble with your account, you will most likely be informed when you log in. If you are feeling particularly civic-minded, you could also call your bank and let them know about the phishing attempt. Financial institutions typically keep track of phishing campaigns in order to help keep their customers safe.
Go to the Source – One very easy way to avoid counterfeit apps is to go to the company’s website in your mobile browser and look for a link to the app there. With Safari on iOS, if a website already has an app, you will get a box at the top asking if you want to open the page in the app or download the app if it isn’t already installed.
Update, update, update – Malware writers rely on software bugs called vulnerabilities to spread viruses. Keeping your system up to date can go a long way towards getting rid of those vulnerabilities. This goes not only for the apps but also for the operating system. Make sure to turn on “auto update” on all of your devices.
Use security software – If you click on a link that leads to a malicious download, having good security software installed on your device can go a long way towards keeping your system from becoming infected.
The holidays can be a great time to spend time with friends and family. It can be a time of reflection on what’s important and a time to look forward to new beginnings. Staying safe online just takes a little awareness and attention to detail. Following the steps listed above will help keep the bad guys at bay so you can focus on what’s important in your life.
Stay on top of the latest consumer and mobile security threats by following me and @McAfee on Twitter, and “Like” us on Facebook.