12 Scams of the Holidays

Tuesday, December 22, 2009


The holidays are one of the busiest times of year for online scammers. Not only do millions of consumers go online to shop, but many also let their guard down as they get caught up in the festive mood. Keep cybercriminals from taking the joy out of your holidays this year by familiarizing yourself with the top scams and how to avoid them.



  1. Charity phishing scams
    Knowing that consumers like to give this at time of year, hackers send out fake emails requesting donations that appear to be from legitimate charitable organizations. However, these emails usually link to phony websites that take your money without passing it along to a good cause.
  2. Holiday e-card scams
    More and more people are sending holiday e-cards instead of regular cards because they are convenient and “environmentally green.” Cybercriminals will send you an e-card, asking you to download an attachment to pick up your card. However, the attachment isn't really an e-card—it's malicious software ready that installs on your computer without your knowledge and wreaks havoc.
  3. Email banking scams.
    Scammers are aware that during the holidays more people shop online and want to make sure their transactions are approved. Some bad guys send an official-looking email that asks you to confirm account information, including your username and password—often with ominous warnings that your account will become invalid if you don’t comply. Never respond to email requests for your personal or financial data.
  4. Fake invoice scams
    During the holiday season, you may shop online, over the phone, or through catalogs. This is no secret to stealthy scrooges who try to trick you into giving away personal financial details through fraudulent invoices. These criminals send you an email with a fake invoice or delivery notification that appears to be from FedEx, UPS, or the U.S. Customs Service. The email asks you for your credit card details so that your account can be credited or requires you to open an invoice or customs form to receive the package. When you comply, your information is stolen or malware is unleashed on your machine.
  5. “New friend request” scam
    With the holidays approaching, many people like to rekindle old friendships on popular social networking sites and are excited about receiving a message informing them that they have a “new friend request!” Unfortunately, scammers like to take advantage of users’ excitement and send out phony friend requests that appear to be from a social networking site but actually link to malware such as viruses, Trojans, and even keylogging software that can record your keystrokes, including passwords that you type in.
  6. Dangerous holiday-related search term scams
    We often search the web for ways to spread holiday cheer, like downloading a Santa screensaver or holiday ringtone. However, you could be downloading a whole lot more than you bargained for, such as malware or spyware.
  7. Job-related email scams
    Scammers know it’s nice to have a little extra cash around the holidays, so they send emails to entice job hunters with promises of high-paying jobs and work-from-home moneymaking opportunities. Once you submit your information to them, the scammers are off and running with your information—and your money.
  8. Password-stealing scams
    Having your password stolen is a sure way to spoil your holidays. Thieves use low-cost tools to guess your password or deliver malware that records computer keystrokes (keylogging) as you input your password. And, according to the experts, virtual on-screen keyboards do not protect from keylogging.

    Once criminals have your password, they can access your bank, credit card, or other online accounts to take money from you. They can also use your accounts to spam your friends and networks.
  9. Fraud via auction sites
    Hackers know that visits to auction sites increase over the holidays, so they often lurk on these sites, hoping to con you out of your hard-earned cash. If an item looks too good to be true, it probably is. Be sure to review the seller’s ratings and feedback. Also, pay with your credit card, since credit card companies usually reimburse you if there is a fraudulent charge.
  10. Holiday-themed email attachments and spam
    This time of year, we are more apt to open emails that invite us to look at attachments containing holiday-themed pictures or messages. Scammers understand this and will try to lure you into opening these attachments or to click on links that download malware.
  11. Online identity theft
    With so many people shopping online during the holidays, cybercriminals come out in force by setting up fake websites designed to steal your information and, ultimately, your identity. Be careful about sites that store your online information, and make sure you don’t shop from a public computer since other users may be able to access your stored usernames and passwords. To assess your risk of identity theft, take our Identity Theft Risk Assessment.

    One rule of thumb is to shop only from websites that use encryption, or scrambling, to protect your information. Make sure the website address begins with “https:” instead of “http:”. This indicates that encryption is being used. To read more tips for staying safe while shopping online, please visit here.
  12. Ransomware scams
    We’re used to seeing more online scams around the holidays, so this latest trick takes advantage of our desire to keep our systems virus free. “Ransomware” is a Trojan that acts as though it is running a virus scan on your machine. It tells you that viruses have been detected and that you must pay for phony security software to clean your machine. Meanwhile, you are locked out of your system and you cannot open or access any applications until the payment is made.

How to Arm Yourself Against Holiday Scams, or Any Scams, Any Time of the Year:

  1. Use common sense—If it sounds too good to be true, it probably is. If you’re ever in doubt about something being legitimate, don’t click on it.
  2. Educate yourself—Keep up-to-date about the latest scams and tricks cybercriminals use to grab your information so you can avoid potential attacks.
  3. Use a comprehensive computer security—You need complete protection that includes anti-virus, anti-spyware, anti-spam, and a firewall and make sure it is up to date. Software like McAfee® Total Protection can help protect you from malware, phishing, spyware, and other common and emerging threats.
  4. Practice safe surfing—Use a safe search plug-in like McAfee SiteAdvisor® software to warn you of a website’s safety rating before you access it. SiteAdvisor uses intuitive red, yellow, and green checkmarks to rate websites when you search for them.
  5. Practice safe shopping—Don’t divulge unnecessary information on e-tailer sites. Make sure you check for trustmarks, like the McAfee SECURE™ mark, which indicate that the site has been verified as safe by a trusted third party; look for a lock symbol; check the web address for “https”; and use a credit card for payment.
  6. Create strong passwords—Use complex passwords consisting of a combination of letters, numbers and symbols, and vary them between accounts—and never share your password with anyone.
  7. Click with caution—When you’re checking your email or chatting over instant messenger (IM), be careful not to click on any links in messages from people you don’t know.
  8. Be suspicious—Even if you consider yourself cyber savvy, you still need to keep your guard up for any new tricks and be proactive about your safety.

To learn more about how to stay safe online, visit the McAfee Security Advice Center at www.mcafee.com/advice.

0 comments

Post a Comment