Top 10 holiday threats
As the holidays bring an increase in online shopping, charitable giving and social interaction, consumers and businesses should be on guard against some common scams that occur frequently at this time of year.
Unisys identified 10 of the most prevalent scams that can lead to financial fraud or identity theft during the holidays. They are listed below, in no particular order, along with tips on how to avoid them.
1. Online shopping threats: To avoid being yet another victim, always shop on safe sites that have SSL certification, indicated by a locked padlock at the bottom of the screen. If you have second thoughts about using a site or retailer, follow your instincts and avoid it. Where possible, use a credit card rather than a debit card as banks can often offer consumers a higher level of protection when a credit card is used. If buying through sites such as Amazon or eBay, take the time to read the seller feedback. Finally, be sure to check your bank statements regularly for any unexpected “purchases.’
2. Seasonal spyware: The number of malicious e-cards circulating to personal and business computers is expected to rise this year. Never open an email or attachment from an unknown sender and do not download “exe’ files as these often contain adware, unwanted downloads and spyware.
If you can’t resist opening a file, drag it into your “junk’ email folder first as this allows you to check all the links to see if they are legitimate. If a site looks suspicious, follow your instincts and don’t click on it. Finally, be sure to install personal firewall, anti-malware and protection agent software on your computer. So if you make a mistake and click on a malicious e-card, you will have some protection.
3. Not-so-social networking: Enterprises and individuals are making increasing use of social networking sites such as Facebook and Twitter to keep in touch with clients, partners, friends and family over the holiday season. These sites can be a goldmine for identity thieves. To avoid identity theft, never offer personal information to anyone over a social networking site, even if the request is from a friend or relative. Do not offer your birth date, birth town and home address on your user profile, and always make sure you apply the right privacy settings to protect yourself. Avoid posting photos of expensive belongings or dates when you are away from home over the holidays.
4. Beware of ATM skimmers: Whether at your neighborhood bank or at your office lobby or credit union, you should be aware of your environment when using an ATM to obtain holiday shopping cash. If you think someone is too close behind you or looking over your shoulder, find a different ATM machine.
Thieves are becoming more and more sophisticated, so also check the actual machine to make sure that it is solid and sturdy. Some skimming scams have involved fitting the front of an ATM with a false panel containing a small webcam or digital camera that can capture your card details. If the ATM machine appears to be behaving oddly or does not work the first time, go to a different machine – don’t try it again!
5. Fake online payment sites: Escrow services such as PayPal allow businesses and consumers to securely and conveniently send and receive payments online. However, escrow scams are increasing as fraudsters set up fake payment sites to con both buyers and sellers out of money.
To ensure payment sites are legitimate and secure, you should ensure the sites have SSL certification. Also check that the web address starts as https:// rather than just http:// as the absence of that “s” is often an indicator of rogue traders. A real escrow company will also only ask you to transfer money to them directly from your bank, i.e. a traceable transfer. If they ask for another method, refuse. Before you send anything, verify with your bank where the receiving bank is located. If this looks like it is outside the seller’s own country, stop the transaction.
6. “Spirit of giving’ scams: Christmas is the season for sharing and, as a result, thieves will often make the most of people’s generosity over the festive season. Watch out for emails or tweets from charities that ask for donations, particularly if you have never signed up to receive correspondence from them. Be sure to check that charity collectors in your neighborhood or near your office have some form of identification.
7. Gift grabbers: After opening all the presents, break down the boxes completely so that what was in the box is not obvious to passers by on the street. Thieves are more likely to target homes with home theatre or PC boxes in the trash. The same is true of business-related or personal bills, receipts and financial statements – all of which could contribute to identity theft. And as always, employees must protect their company’s intellectual property by safely disposing of materials that are proprietary to their companies.
8. Protect your new laptop: If you received a new PC or laptop running on MS Vista or Windows 7 as a holiday gift, make sure you are using anti-malware software and have enabled the firewall before connecting to the Internet. Whether you are connected to a wireless network or via a cable, on average, it can take just nine seconds for your new laptop to receive its first “ping’ attack and less than a minute to receive its first virus.
9. “Free’ Wi-Fi and wireless network hacking: If you are using that new laptop on a wireless network at home or workplace, make sure that network is secure. This is because the Wi-Fi network range will radiate beyond the confines of your building, leaving it vulnerable to “wardriving”. Hackers could use an unprotected wireless network to anonymously download illegal material or perpetrate attacks that would appear as if they were coming from you. Wardrivers are also known to hack into computers to steal personal details.
10. Account check and phishing cons: Be wary of account checking scams in which a phony representative of a bank or supplier who contacts you by phone or email to ask for account details to update their records.
Callers will often claim that they need certain data in order to check the security of your account while actually obtaining very valuable information to carry out fraud. In the lead-up to Christmas, remind your family, friends and colleagues to err on the side of caution and refuse to give out any personal details either on the phone or online. If you think the call is genuine, ask to call them back and check the number by visiting their website before you call back.
Likewise, don’t assume that an email that looks like it comes from your bank or a company you’ve done business with is legitimate. In common phishing attacks, email messages from impostors contain links to phony lookalike sites where your logon ID and password can be captured. Always suspect that web links in unsolicited emails may be fraudulent, and don’t provide any personal information to such sites.