The 12 Cons of Christmas

These cons can lead to identity theft or infection of your computer and make the most wonderful time of the year woeful.

While the risk of being hacked, conned or having sensitive information stolen is possible all through the year, most security experts agree that the holiday season brings a spike in fraudulent activity, both online and off.

CSO compiled a list of twelve dirty tricks to avoid this holiday season (or any time).

Product come-ons

After a day of shopping, you log on to Twitter and 'tweet' about how hard it is to find a Zhu Zhu Pet, this season's hot toy, for your daughter. Soon after, you receive a direct message from another Twitter user offering to sell you one. It's your lucky day, right?

Unfortunately, the user often ends up paying for a fake version of the product, or no product at all. It's the classic phishing scam with a new and sophisticated twist because criminals can see what you are looking for by monitoring your tweets on Twitter.

"It used to be that you could identify a phishing scam because they often had spelling mistakes, or the link had some kind of tell-tale sign," said Mark Cohn, vice president of enterprise security with Unisys.

But the game has changed now. The signs that made scams so obvious before are no longer always present as more sophisticated techniques employed by criminals on Twitter and Facebook make it harder than ever to know what's legit. The easiest way to stay away from this?

"Be skeptical," said Cohn. "Double-check to find out: Who is the issuer? If it is not someone you know, think twice about buying."

Fraudulent auction and payment sites

If you do fall prey to the first scam, there is also a chance you could end up at a fraudulent site while paying for the item. Or you might find yourself at a fake auction site while bidding on an item. Escrow services such as PayPal allow businesses and consumers to securely and conveniently send and receive payments online.

However, escrow scams are increasing as fraudsters set up fake payment sites to con both buyers and sellers out of money, according to Unisys.

To ensure payment sites are legitimate and secure, Unisys security experts suggest checking to ensure the sites have SSL certification. Also check that the web address starts with https:// rather than just http://, as the absence of that "s" is often an indicator of rogue traders.

A real escrow company will also only ask you to transfer money to them directly from your bank, i.e. a traceable transfer. If they ask for another method, refuse. Before you send anything, verify with your bank where the receiving bank is located. If this looks like it is outside the seller's own country, stop the transaction.

Hacked Passwords

Another casualty of being phished is your password. Password theft is rampant during the holidays, according to security firm McAfee, which also compiled its own "12 Scams" for folks to watch out for this holiday season.

"Once criminals have access to one or more passwords, they gain vast access to consumers' bank and credit card details and clean out accounts within minutes. They also commonly send out spam from a user's account to their contacts," an official with McAfee said.

Dangerous search terms

Andrew Brandt of Webroot recently blogged about how prevalent dangerous sites have become in search results. Brandt searched for news about Zhu Zhu Pets.

"What I found were a flood of fake alert sites mixed in with the legitimate search results," said Brandt.

The bad guys know what people want, and they are getting cleverer about devising dangerous sites that will be ranked high if a user searches for a popular term. Using the most up-to-date version of your browser can help. If you try to head to a malware-laden site, the latest version of today's browsers will often warn you first that the site contains dangerous content.


Stories by Joan Goodchild
