Identity Thieves LOVE the Holidays
The holiday season is an exciting time for consumers, and even more exciting for identity thieves. Criminals know that good cybersecurity practices are often put on the back burner when consumers are shopping for the perfect holiday gift.
Fraudsters rely on you to “click before you think” when browsing the hoard of online discounts and holiday sales. Without the proper preventative measures put in place, the holidays can leave you extremely vulnerable to various identity crime tactics and scams.
Prime Time for Cyber Crime
It’s no secret that the holidays are prime time for cybercriminals. Research confirms what identity thieves already assume: majority of Americans – up to 96% – are making online purchases. The Federal Trade Commission (FTC) found millennials are more at risk for online scams than seniors, so it’s important to educate your young adults on safe online shopping habits before it’s too late.
Trends have historically shown spikes in cybercrime during the holiday months. During the 2019 holiday shopping season, online purchase fraud increased by 29%. Online shopping has increased by $107 billion dollars already this year as we have all practiced safe social distancing, started working and learning from home more often, due to the coronavirus pandemic. That’s nearly six years of growth in less than eight months. Between November and December 2020, online sales are expected to surge another 33% to a record $189 billion in spending.
Why We Keep Falling for Online Scams
Fraudsters have a plethora of methods to target consumers for their personal and financial data online, but consumers continue to fall victim to the traditional scams. Let’s explore how emails, malware and spoofed websites can be used for a variety of holiday scams.
Spoofed websites – also sometimes called phishing sites – are extremely common during the holiday season. In fact, the Anti-Phishing Working Group (APWG) found over 35,000 unique phishing sites impersonating over 200 different brands in November 2018. The numbers go on to increase during December’s online shopping month.
Criminals set up fake websites to steal your personal information. These sites will often replicate well-known companies like Target, Amazon or Walmart to further convince you of their legitimacy. In short, criminals hope that you trust the site enough to provide Personally Identifiable Information (PII) like Social Security numbers, credit and debit card information and other sensitive data.
You may visit a page that visually looks familiar, but spoofed websites will have URL links that do not align with a company’s official website. While some may be easy to spot, more sophisticated criminals can create URLs that closely mirror legitimate sites. Because of the fast-paced nature of holiday shopping, criminals hope you’re too fixated on that too-good-to-be-true deal than notice whether the site is real or not.
Phishing and Spam Emails
Phishing emails go hand-in-hand with spoofed websites, also aiming to impersonate well-known companies that are familiar to you. Spam emails can also contain harmful software, or malware, disguised as discount links or attachments within the email itself.
Check the validity of a link before clicking on it. Fraudsters will disguise malicious links with seemingly harmless, hyperlinked text. Hover your mouse over a link to verify it is going where you expect it to before you click.
What is Malware?
Malware can pose a major risk to the sensitive data you store and share on your devices. There are many types of malware that carry out a variety of functions. One type of malware referred to as a “Trojan” will disguise itself as a legitimate file like Word documents and images. This may even be sent to you without a file, making it impossible to know your device has been targeted.
A “virus,” on the other hand works to infect the existing files to cause damage to your device. A third type of malware, known as “spyware,” can track your keystrokes and other user behaviors to capture sensitive information like login credentials, financial account numbers and more.
Holiday Identity Protection Tips
It would be difficult to avoid the Internet altogether during the holiday season – especially when gift shopping is much more convenient online. Use these tips to help secure your identity for the upcoming holiday season:
- Avoid downloading discount codes from emails and pop-ups. These promotional coupons are often used to break down your defenses and convince you to click or download malicious software to your device.
- Print out online receipts and store them in an email folder. Keep an eye on your financial accounts, bank statements and credit activity, and report any suspicious activity as soon as possible.
- Be wary of deals on social media or search engines. Sophisticated cybercriminals can manipulate spoofed sites to show up in search engine results or social media ads.
- Double check deals if are legitimate. Review the company’s official website to determine if coupons or promo discounts are real. If the deals don’t match, it’s more than likely a phishing or spam email.
- Never provide login, personal or financial information on unsecured sites. Look for “https://” at the beginning of the web address and the lock icon next to it to ensure you’re visiting a secured site.
- Use anti-malware and anti-virus software. Be sure that security software is properly installed and updated regularly.
Continue following Fighting Identity Crimes to get the latest breach and scam updates, ID protection news & tips from our industry experts!
Follow us on social!
*Originally Posted November 19, 2019. Updated November 16, 2020.*
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.