Avoiding Holiday Threats and Cyber Scams

Holiday shopping is at its peak, and as always, cybercriminals are ready to take advantage of eager buyers all over the globe. This year, reports say that online shopping in the United States is set to exceed sales from traditional brick-and-mortar shops, providing more opportunities for cybercriminals to set up money-draining scams.

This is not a new trend for online scammers and cybercriminals. For years, we have seen how scams targeted at consumers have peaked during the holidays. Since 2008, we’ve been keeping track of the many sites and spam campaigns that have tricked consumers into giving up credit card information or other valuable data. The rise in the volume of these sites during the holiday shopping season is completely predictable, and consumers can protect themselves simply by knowing how these scams work.

Tricking You into Clicking

Users have become better at identifying spam, but cybercriminals have also improved their social engineering methods. Many of the lures they use look very authentic, carefully tailored to mimic a typical email or message that users click every day without thinking.

Currently, we're seeing these types of headlines or topics used to lure users:

  • Shipping orders or postage related topics
  • Billing slips or invoices
  • Travel deals and offers
  • Fake promos or holiday sales

Below is an example illustrating how cybercriminals use these headlines. The typical spam email looks like a normal notice sent by a postal service, but it includes a nondescript link leading to a malicious site that delivers malware:

Figure 1. Spam from a November campaign pushing a banking Trojan

During the holiday season when everybody is ordering multiple gifts from different sites, a buyer might just click a link like this without a second thought. In this particular case, clicking the link would prompt a user to download an invoice, which is a Word document. The invoice would then ask users to enable certain features that would allow the download of malware.

Other scams are stealthier. We’ve seen cybercriminals create fake check-out pages linked to legitimate shopping sites. These pages are set up to capture credit card information. This year, travelers are big targets—many scammers are putting up counterfeit sites or advertisements for fake hotels or cheap flights. Travelers think they’re getting lucky with a cheap deal, but in reality, they’re being conned out of their money.

There has also been a rise in social media scams. All over the world, we’re seeing an increase in the quantity and diversity of the scams used on social media platforms. Many small business owners rely on social media to connect with customers, and even conduct their payments and organize deliveries through their social media accounts. Cybercriminals take advantage of this informal trading platform and trick consumers by impersonating brands or distributing fake notices for deals and sales. Typically, these scammers either phish for credit card information or try to get users to download malware onto their devices.

Avoiding Phishing and Other Scams

Being aware of these methods helps you identify them and avoid clicking on malicious links. Here are other tips:

  • Check who sent the emails—are they from a recognizable sender? Keep track of your billing statements and invoices so you can separate fake messages from any real notices you are expecting.
  • Keep an eye on credit card balances before, during, and after the holidays. Any suspicious activity or charges, even those only worth a couple of dollars, could be a sign that your credit card was compromised. Inform your bank of any unauthorized charges.
  • Be wary of unfamiliar shopping apps. Check if they are legitimate before downloading and installing them on your devices. Be cautious of retail apps requesting access to contacts, messages, or passwords.
  • Buy from reputable merchants and recognized websites—look for the ‘HTTPS’ in the address bar of the online retailer and check if the domain name of the site is legitimate.
  • Do not send cash or wire money for payment—pay with a credit card or a gift/charge card. Using a separate credit card for online purchases is ideal.
  • Secure your computer and mobile devices by updating your OS to patch any exploitable vulnerabilities. Install and update your security software to defend against current known threats and protect your devices from malicious programs.

Holiday shopping is tricky—you order online to avoid the lines or the overcrowded malls but then encounter a whole new set of risks. The best way to ensure safe shopping is to be aware of the threats that are out there and take the necessary precautions. Trend Micro™ Smart Protection Suites can detect malicious files and spammed messages as well as block all related malicious URLs. Trend Micro Deep Discovery™ has an email inspection layer that can protect users by detecting malicious attachments and URLs, while Trend Micro Internet Security has security features that can detect malware at the endpoint level.

