Every year around this time, as people gear up for Christmas and New Year celebrations, scams start to skyrocket. According to Check Point, cybercrime has increased exponentially with the arrival of IoT devices because of the weak security systems we see in them. These devices range from karaoke machines and connected home appliances like vacuum cleaners and coffee machines to digital wallets on our mobile phones, new and improved tablets and even smart toys for kids.

According to a recent industry survey, Check Point says, Indians are demonstrating both caution and risk-taking tendencies during the festive season: 88 per cent check online seller ratings before making purchases, though 19 per cent admit to being willing to purchase from a questionable website. The result is an average loss in India to holiday shopping scams of over Rs 20,000.

Check Point has shared 10 types of common holiday scams and tips to avoid them:

1. Deceptive social media advertisements: These direct users to fraudulent online stores that pinch credit card information and personal details. Falling prey to such schemes can result in monetary losses and identity theft.

How to avoid: To safeguard against scams involving social media ads and fake online shops, research a given store (look for customer reviews, ratings and testimonials from reputable sources), be sceptical of deals that seem too good to be true, install security software to protect devices, and monitor financial statements for any unauthorised transactions, reporting suspicious transactions immediately.

2. Delivery scams: These fraudulent messages falsely say that there will be a delay in shipping a product that you ordered, or they demand a payment fee under the pretext that it’s required for a package delivery.

How to avoid: To avoid falling victim to scams involving fake delivery notifications, verify the message source (confirm the legitimacy of the text message sender). Rather than clicking on links embedded in a notification, visit the official website of the delivery service, and input the tracking number to access accurate and up-to-date information. Further, you can always contact a delivery company directly, using their official contact details, to verify the status of your package.

3. Fake charities: Scammers have been known to create fake charities to profit or steal personal information. Some of these fake charities have been observed on GoFundMe.

How to avoid: To steer clear of these types of scams, verify the legitimacy of the charity by investigating the charity’s website. For crowdfunding campaigns, confirm the authenticity of the cause and the organiser, look for details such as the purpose of the campaign, how the funds will be used, and see if you can get a sense of the organiser’s credibility.

4. Fraudulent offers on airline tickets or scarce items: Numerous scams focus on the holiday surge in travel-related purchases or exploit the demand for sought-after products, enticing people to accidentally buy counterfeit tickets or merchandise.

How to avoid: Ahead of making a purchase, research the seller and/or the website, exercise caution if the deal seems too good to be true (unrealistic prices, especially for tough-to-find items, can indicate a scam), ensure that the website has a secure connection (HTTPS, not HTTP), carefully read the terms and conditions of the deal, and trust your instincts.

5. Phishing scams: Watch out for phishing emails that mimic emails from reputable brands. Scammers sometimes try to pose as representatives of familiar companies (Amazon, Walmart, etc.). These deceptive emails employ social engineering tactics to illicitly obtain passwords, personal data and financial information.

How to avoid: Precautions such as reviewing sender information, remaining sceptical of unsolicited communications, and avoiding suspicious links can help. Verify giveaways or promotions by visiting an official company website. Install and regularly update reputable security software to enhance protection against phishing attempts.

6. Job scams: While job scams are a growing concern year-round, they tend to target individuals who wish to make extra income around the holidays. Fake job postings may promise substantial earnings for minimal effort. The scammers typically aim to pilfer personal information under the guise of a hiring process. Or, they try to deceive people into sending them money for ‘supplies and training’.

In India, around 56 per cent of job seekers face scams during their job hunt, according to Hirect, a chat-based direct hiring platform, with millennials aged between 20 and 29 being most exposed to scams and fraudulent job offers.

How to avoid: To steer clear of job scams, people should exercise caution if there appears to be an unrealistic compensation structure. Also, individuals should be sure to confirm the legitimacy of the organisation by checking its official details. Legitimate companies provide transparent and easily verifiable information online. Further, a generic email address may indicate a job scam, as honest employers maintain a professional online presence. If a job requires payment for supplies or training, it’s best to avoid it. Don’t proceed with any job opportunity that raises doubts or concerns.

7. ‘Grandparent scams’: These predominantly prey on senior citizens, and involve impersonation of a distressed grandchild. The ‘grandchild’ typically requests money. In 2022, nearly 400 senior citizens fell victim to grandparent scams, leading to over $4 million in losses.

How to avoid: People with senior relatives can warn them about this scam. Seniors should question urgent requests for financial assistance, especially if they involve wire transfers or gift cards. If in doubt, those on the receiving end of suspicious messages are encouraged to directly contact other family members, using known and trusted phone numbers, to verify the apparent situation.

8. Hacking over public Wi-Fi: While airports, hotels, cafes and other frequented locations may offer free public Wi-Fi, these networks are known for being easily hackable. Scammers leverage a method known as man-in-the-middle (MiTM) to intercept data.

How to avoid: Keep your credit card numbers, passwords and personal details private by avoiding the temptation to shop online while out and about. Shop from safe and secured networks only. If you’re concerned about your home network security, consider a VPN, which can encrypt your internet connection and protect data from interception. If conducting a transaction while out, you may want to use your cellular data network for the transaction, rather than public Wi-Fi, as cellular connections are considered more secure.

9. Connected IoT and mobile entertainment risks: If you have a seven-hour flight ahead of you, with a two-hour layover, a mobile game can make the time pass quickly. However, take care in choosing a mobile game – some may compromise device security. While using an IoT device, ensure stronger security measures to promote safety. For example, cybercriminals could eavesdrop on children through smart toys, webcams could be used to record you while you change clothes, and voice assistants could spy on your home.

How to avoid: Before downloading any app, conduct a quick online search to gather information about it. Meticulously review the permissions that it requests. Note that a legitimate game should not require permission to send text messages or to share information with third parties. To further protect your IoT devices, secure everything properly out of the box, use strong passwords and MFA (multi-factor authentication), install firewalls, update devices, eliminate any unused IoT devices and, where possible, use a VPN. If your child gets a new device, educate them carefully about the benefits and risks, help them secure the device, and make sure they understand what threats lurk online and how to respond in the event of an attack.

10. Business email compromise (BEC) scams: Fraudsters impersonate company executives through email and text messages. These scams result in losses of billions of dollars annually. They exploit urgency and authority, attempting to persuade individuals to pay invoices for events like holiday parties or to respond to fake billing requests.

How to avoid: If you think that you might have encountered a BEC scam, check for red flags, look at the sender’s email address again, and confirm requests with executives (via separate and verified communication channels). Further, keep software, operating systems and security systems up-to-date. Report suspected BEC scams to your IT department or other relevant persons.
