The holiday season should be a time for family, friends, and festivities. But be aware that cybercriminals know that people are busy and distracted during this time of year and seek to take advantage of that. Here are just a few examples of holiday-related scams to avoid.
1. Gift Card Scams
This type of scam has become more prevalent in general, but it is especially an issue around the holidays. Since gift cards are difficult to trace, they have become a way for criminals to cover their tracks.
How to avoid this:
-No seller should be asking for payment in gift cards. If this occurs, end the transaction.
-If you purchase a gift card online, make sure the site is legitimate.
2. Package Delivery Scams
During the holidays, many people are expecting package deliveries, so a message about a package delivery might not seem out of place. But if you receive a text similar to the following, think again.
“Your package is stuck at the sorting center, pls update your address: www.upst.top.us”
A few clues indicate that this message is not legitimate. First, the link does not go to ups.com – it goes to “upst.top.” This is another cybercriminal strategy that is becoming increasingly common: “typosquatting,” in which hackers register domains with names almost the same as that of the company they are posing as. The trick relies on users not noticing the typo and thinking the link goes to the actual site.
In addition, the text uses abbreviations such as “pls,” which official company communications would not contain.
How to avoid this:
If you receive an email or text about a package and are not sure whether it is fake, do NOT click on the link. Instead, go back to the original confirmation email you received when you placed the order. You can use the order number to access the real package tracking information.
3. Fake Online Stores
Hackers can create online stores that mimic the branding and design of the actual store but whose sole purpose is to steal your information. The site may also send you emails with malicious links.
How to avoid this:
-Check that the site domain name is an exact match and that there are no typos. If there are, the site may be employing the “typosquatting” scam technique.
-Notice whether there are spelling and grammar errors on a site, or informal “texting speech” that official company communications would not contain.
-If the website asks for highly sensitive personal information not necessary for a purchase, such as your social security number, that is a red flag that the site is malicious.
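The domain check described in the package delivery and fake online store tips above can be automated. The following Python is an added example, not part of the original article; the trusted-domain list, the function names and the one-character threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption); list the carriers and stores you actually use.
TRUSTED = ("ups.com", "usps.com", "fedex.com")

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def hostname(link):
    """Extract the host from a link that may lack a scheme, as SMS links often do."""
    if "://" not in link:
        link = "http://" + link
    try:
        return (urlsplit(link).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""

def classify(link, trusted=TRUSTED, max_distance=1):
    """Return (verdict, matched trusted domain or None) for a link."""
    host = hostname(link)
    if not host:
        return ("invalid", None)
    # Exact match, or a true subdomain of a trusted domain.
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return ("trusted", domain)
    # Otherwise compare each label except the top-level one (".us" is one
    # edit from "ups") against each brand name. Short brand names will still
    # produce some false positives, so treat "lookalike" as a flag to verify.
    for domain in trusted:
        brand = domain.split(".")[0]
        for label in host.split(".")[:-1]:
            if label == brand or edit_distance(label, brand) <= max_distance:
                return ("lookalike", domain)
    return ("unknown", None)

if __name__ == "__main__":
    for sample in ("www.upst.top.us", "https://www.ups.com/track"):
        print(sample, "->", classify(sample))
```

A “lookalike” verdict means the link should not be followed; use the tracking number from the original order confirmation instead.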