The holidays are a particularly risky time for shoppers of all ages, especially those less experienced in recognizing digital threats who turn to search engines and digital channels to get their purchase in time for Christmas. Malicious actors know this and are creating attractive, seasonally appropriate lures and even some of the simpler scams that can fool savvy online shoppers.
gift cards are a common attack vector for cybercriminals and scammers, as stealing the money loaded onto them is the equivalent of stealing cash, once it’s taken, there’s no way for the victim to get it back, unlike credit card transactions that do allow returns or cancellations.
As we continue to use video conferencing as a tool for social interaction, especially around the holidays, cybercriminals continue to run phishing campaigns that take advantage of it. These phishing attempts involve emails containing malicious links to invite the user to download a new version of the virtual conferencing platform software, which directs the user to a website operated by a third party. In some cases, this site does download updated software, but it also downloads a remote access trojan. This program gives scammers access to sensitive user information that can be sold on the black market or used for identity theft.
It may interest you: Double salary: do I pay debts or start spending?
Aamir Lakhani, Fortinet’s FortiGuard Labs Global Strategist states that “video conferencing platform attacks are just the tip of the iceberg this season. Unfortunately, there are other forms that are on the rise, including those that target mobile devices and phones. The version for voice call scam is usually known as “vishing” and the text message (SMS) scam, known as “smishing”.”.
Another method that we have detected from Fortinet’s FortiGuard Labs is that scammers add a QR code to popular products, making banners or fake advertising materials that they leave in physical stores. If the victim sees a product they want on a sign that says they can get it much faster and at a lower price, they are more likely to scan that QR code, which will take them to an infected site or download attempt. malware, highlighted the Fortinet Global Strategist.
The best way to avoid becoming a victim of these scams is to stay vigilant and follow these four practices:
- Create a strong password: You need to make sure you don’t use the same password for all platforms. It is possible to use a password manager to save all the passwords for the different accounts. Using random characters and not using the same user ID is also recommended.
- Keep our accounts monitored: It is important to constantly update our access credentials, and review our payment accounts in order to detect any unusual activity in time.
- Inspect gift cards: When purchasing a gift card at any store, it’s important to visually inspect it for any signs of tampering before loading funds and to stick with vendors we know keep their cards secured behind the counter.
- Do not make purchases by email: Do not agree to pay any virtual purchase using gift cards when the request is made by email, since in these cases the object we are trying to “buy” probably does not exist. That’s why it’s important to stick with providers we know and trust, and to confirm that the payment processing site is secure. Credit cards are the best way to pay, since most have fraud protection at some level.
To avoid these scams, always follow the best cyber hygiene practices: check the sender before clicking on links or downloading files, even if they appear to come from a trusted source. In most cases, phishing emails are sent from addresses that do not contain the legitimate domain of the organization they intend to impersonate.
Taking the necessary precautions, it is possible to enjoy our favorite traditions in a safe way. Thanks to digital platforms, we can connect with our family and friends from the comfort and safety of our homes, and fulfill those gift lists without having to go to shopping malls or department stores that are crowded at this time. .
Educating employees, family, and friends about what to avoid to keep their devices safe is the most effective path, as it just requires a higher level of awareness that will eventually become the new normal.