Ahh, fall season. There is nothing quite like it! There is something in the air that beckons and entices the senses. Maybe it’s because those long summer days are dissipating. Perhaps, it’s the fact that the holidays and a new year are quickly approaching. Or maybe it’s the scent of pumpkin spice lattes or cookies in the air. In any event, it’s a gorgeous time of year. However, as the holidays approach we see a dramatic rise in scams and fake charities that spring up in an attempt to take advantage of the good-will in…well, quite frankly those who still have an ounce of good-will still in them.
Have you ever received a call from someone claiming to be from the IRS or a charity you’ve never heard of, demanding money from you ? Or perhaps received a call from someone claiming to be from Microsoft, stating viruses were found on your computer and the “technician” was pushing for remote access to your computer? Maybe you received a suspicious email claiming you won a lottery from some foreign nation? Or a message from a supposed relative who has come across some trouble and is requesting cash from you? Have you clicked on a pop-up that took you to a site with a great deal? You may have even been enticed by a seasonal job offer that requires upfront fees for training. These are just some of the many ways criminals try to get your hard earned cash.
As the holidays approach, we wanted to offer some advice to help you be alert and cautious of what to look out for and avoid scams.
Why is there an increase in scams during the holidays?
A report released by Curotec posits, the holidays are so enticing to cyber criminals because of “the combination of reduced staff, increased vacations, and significant upticks in eCommerce.” The significant increase in consumer spending this time of year particularly, is too lucrative for an assailant to pass up. After all, attackers know most people will discard their better judgement if a deal is enticing enough.
Different flavors of scams
Scammers are always seeking new ways of getting what they want; always seeking ways of exploiting human kindness. Criminals know that methods for stealing or scamming people out of information can be quite easy and very lucrative. Scams just have to sound appealing enough, and/or believable enough to convince their target into giving up something personal (i.e. money, banking or other account information, social security number, password). Scams also come in many flavors. Here are a few examples of what to watch out for this holiday season.
1. Strange sites selling extremely discounted products
Attackers know people are preparing for the coming holidays and there is a significant increase in spending. Criminals try to take advantage by crafting fake websites to look as legitimate as possible and promote good deals that entice the viewer into submitting sensitive information such as payment information. People are inclined to start browsing for the best deals.
Do some research before clicking on any suspicious links. Search the company’s name and history to determine legitimacy. With a little detective work you can find out if a deal is authentic or not. Most businesses, promoting amazing deals try to release that information as much as possible to attract more sales (unless the promotion says it is an exclusive offer). A little sleuthing may also help in determining if the product is worth the price or if the product is a knock off, faulty, or a flat out rip off. When reading reviews on a product, try to look up reviews not affiliated to the website. A lot of third parties and bloggers out there are constantly reviewing items, websites, and products without getting a paycheck from the company. Here is a useful link to help you determine if a site is legitimate or cause for concern.
2. Pop-ups that promote huge discounts
This is the time of year where your spam filters and ad-blockers are put to the test. You’ll likely get pop-up ads that show extremely good deals; most, if not all of which are too good to be true. These ads are designed to get the viewer to click on the it which re- directs the viewer to another site. Some of these pop-ups are for legitimate ads. But many are scams.
If you start receiving unwarranted or undesired pop-ups, there are tools you can implement called browser add ins, that can help filter and reduce pop-ups. AdBlock Plus and uBlock are great tools that are also free and go a long way in keeping annoying pop up ads at bay. Cleaning out your cache every now and again doesn’t hurt either. More and more ads are being catered to your previous searches and purchases, so you may be enticed to click on something. Attackers are aware of this so it is important to exercise caution as opposed to getting click happy.
3. Be cautious of seasonal employment opportunities
People are more inclined to need cash during the holiday season. One way attackers prey on victims is by offering a job that requires some training and/or upfront fees. Criminals will post up fake job listings and contact information designed to look as legitimate as possible, oftentimes even using legitimate looking logos from reputable businesses. The victim, seeking employment, will be inclined to give information that any job would be looking for, name, date or birth, social security number. If an attacker has this information, it is very easy to open up credit cards and fake accounts under the targets name.
Unfortunately, these scams are also often used on individuals looking to better themselves through education. A lot of fly by night schools pop up, attempting to reach people in desperate situations to get them to enroll in some program or pay a small fine up front for schooling, only to either be conned, or taught inadequately. Even if the victim doesn’t pay up front, the school gets its money from defrauding the government through fudging payments, grants, or loans. This can potentially also end up ruining a victims credit rating.
Read all documentation and fine print before agreeing to or signing anything. Research all business or school listings to see if the posting is accurate. Check with the Better Business Bureau to see if anyone else has flagged the company as being a scam. Also, look into how transparent the business or school is. Odds are if a business or school is vague and releasing as little information as possible, they are trying to hide something. Truly legitimate businesses or schools, are transparent and try to provide any requested information.
4. Tis’ the season for callers from fake charities
Let’s face it, scams come and go. But fake charities creep out of the wood works this time of year. When Thanksgiving and Christmas roll around, people are inclined to be more generous; more giving. Criminals know this so an exponential amount of fake charities pop up for just about anything you can think of (if there isn’t a charity seeking a cure for tennis elbow yet…give it time). Be wary of people calling and claiming to be from some charity or another and asking you for money.
Unfortunately, even most legitimate charities are for profit, (meaning most of the money donated goes to overhead costs instead of the actual cause). It can be difficult to gauge when conversing with the person on the phone if the charity is indeed legitimate. But if you feel that something isn’t right, follow your gut and hang up the phone. If you believe that the charity could be legitimate, ask for more information on the charity and do some research before contributing.
Here is an excellent link that provides great information on weeding out genuine non-profit organizations and charities.
5. Automated intelligence attacks
There has been a growth in automated attacks because they can target a wider amount of people in a shorter amount of time than a human can. More alarming, several automated calls do not sound like the robots of yesteryear, but almost sound like a legitimate person on the other end of the line. Attackers craft a generic dialogue with pre-set responses in place. Using an automated system to call random numbers, the criminals sit back and wait for a victim to provide personal information.
For the most part, you can tell if a human or some robotic mechanism is on the other end of the line. Most of the time, automated systems can be rooted out by providing responses or stating something completely unrelated to what is being requested, then awaiting what the response on the other end of the line is. Live humans can respond accordingly. Automated systems, however, tend to have a pre-defined dialogue that cannot adapt and respond like a live attacker can.
6. Phishy emails
Phishing is always a popular method for attackers because it is easy to reach a broad array of targets. Attackers craft an email to look enticing and provide a link for users to click on that either take a target to a malicious site, or the link installs malicious software onto the targets computer. The assailant then sends out their crafted message to as many email accounts as possible and waits for the fish (or phish) to bite.
Spam filters tend to be effective but can still miss messages every now and again. The best way to be safe is to exercise caution before clicking on anything. This link provides some great advice to help you determine if a message is legitimate or not.
Protect yourself from scams this holiday season
Vigilance as opposed to being trigger happy with a mouse or touchscreen can save you so much headache. It is also important to point out, even if an attacker is not successful in getting you to purchase something, if you were scammed into providing any information at all, that information can be used against you in the future. For example, if you were enticed by a particular ad, entered your name, home address and phone numbers, before realizing it was a scam, the attacker can craft another attack down the road designed to be more intimate with the data you provided him/her. Be mindful of what information you give out and to whom.
Things to remember
1. No one who legitimately works for Microsoft will call you and demand remote access to your computer. However, if you contact customer support that may be another story.
2. If you have received a call from someone claiming to be from the IRS, please read this report released by the IRS before giving any information away.
2. If you get a message from someone claiming to be family or a close friend in a dire situation, give them a call or try to get a hold of them just to confirm if they sent the message.
3. Research charities before donating hard earned cash.
4. Make sure you access trusted websites and avoid any that do not look legitimate. By the same token be cautious of clicking on pop-ups.
5. Read all agreement forms before accepting or signing off on something.
What to do if you feel you are being or have been scammed
As stated at the beginning of this topic, scams certainly come in many forms. If you feel you may have been the victim of a scam please contact your local law enforcement and report it. You just might save someone else out there from being a victim.
If you need technical assistance, help in determining if something is a scam, or just want advice, don’t hesitate to contact us at Tech Rockstars, Inc., and we will be happy to help you.