Know Your Holiday-Themed Phishing Scams

Every holiday season, the population gears up for buying gifts and sharing celebrations. At home, we deck the halls and bake pies weeks, sometimes even months, before the big days we celebrate together. At work, we gear up our businesses for big sales, holiday shipping logistics, and the usual rush for pre- and post-holiday customer service. Charities gear up to redistribute a little holiday cheer during the giving season, making the holidays a little more enjoyable for the less fortunate.

But individuals, families, businesses, and charities aren’t the only ones who gear up for the holidays. So do hackers. In fact, the holiday season is just as “festive” for social hackers who specialize in phishing as it is for those of us who celebrate with tinsel and sugar cookies.

 

The Holiday Hacking Trend

Hackers know that people are less attentive during the holidays, looking for opportunities to save and to find just a little more joy for everyone they know. This makes us, as a population, more prone to holiday-deal scams. Many of us worry and work hard to make the holidays perfect both financially and experientially for those we love. This makes us more prone to disaster-style scams.

The best defense against a Christmas hacking is to know what’s coming. Know the risks, know the tactics, and know a scam when one tries to ruin your holiday cheer this year. Today, we’re spotlighting the top trends for holiday-themed phishing scams so you know how to avoid them and can warn your colleagues and loved ones to do the same.

 

1. “You’ve Won a Gift Card”

The single most likely kind of holiday hack is the tempting kind, the kind you want to click. There are millions of legitimate holiday deals to discover and take advantage of. There are deal codes out there and digital gift cards to earn and spend. Avid online shoppers can save hundreds on family gifts each year by being savvy. That is exactly why hackers target the gift discount market.

You may be told that you’ve won a gift card, or told to “Click Here” to access a great discount code for your favorite online stores. Watch out. Learn what a legitimate offer looks like from your favorite brands, but don’t be tempted by ads and side banners. Especially watch out for “cold” emails that come with offers for products or sites that you did not sign up for.

 

2. “There’s a Problem with Your…”

When hackers can’t get you with honey, they try vinegar. Many people are susceptible to responding to “problem” messages without care. This is especially true during the holidays, when you are both distracted and worried about making your celebrations enjoyable for everyone this year. Often they will call pretending to be a platform you shop with or a bank you pay from when doing your holiday shopping.

“…Order”

“There’s a problem with your order” is something we all expect to see when buying dozens of gifts and large packs of decorations each holiday season. We’re ready for it. We’re ready to tackle any shipping delay, any back-ordered gift. In fact, we often pounce on these emails, eager to knock out the potential blemish on our Christmas cheer. But don’t click too fast.

Check the sender, the letterhead, and the login, and check your actual order status before responding to any “problem with your order” email.

“…Payment”

“There’s a problem with your payment”, however, is a message we all dread. Ideally, the cards we shop with online are carefully balanced and paid to take the load. Most of us are correct most of the time, and payment issues usually mean a technical malfunction – or something has gone terribly wrong. We naturally respond to payment problems with some dread, even panic, which can lower our defenses.

Again, don’t click immediately. Don’t call back, don’t email the referenced account. Instead, first check your online order status, then your online bank account before reacting. If the message is the only blip on your radar, it’s likely a scam, and likely one designed to ultimately steal your payment information.

“…Account”

“There’s something wrong with your account” is one of those general error messages designed to cause you to act without raising alarm. Something wrong with your account could mean a catastrophic hold on getting your gifts on time. Or it could mean your phone number needs to be updated from a recent change. It could mean there’s a back-ordered gift or it could mean that your entire account has been suspended. The message is purposefully vague or worded specifically to frighten you. The only goal is to get you to click, reveal your password, or enter your information onto a false page. Don’t do it.

For the third time, the answer to all of these “There’s a problem with” scams is to simply check your legitimate account, order, and payment status. If everything is OK when going through the proper channels, you’re being scammed and now it won’t work.

 

3. “Please Confirm Your Information”

When shopping from new venues for specialty gifts, it’s not uncommon to be asked for some confirmation. From legitimate brands, you might be asked to confirm your desire for the order, confirm your address, indicate if the order is a gift, or specify something about the order that is new to you. Shopping for others and with specialty brands often results in a quick email or phone check-in.

Know the difference between real and fake requests for information. Double-check that the order numbers, brands, and domain names line up. Confirm that the message is even in reference to a real order; sometimes hackers send out “chain” emails designed for readers to assume the message is about a recent holiday purchase. The holidays are a great time for exploiting these assumptions.

If you’re not sure, find the proper support email or phone line and call in, instead of answering the suspicious message. Some brands do have a less-than-corporate style but their messages are legit, and hackers take advantage of this.
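The “line up” check from sections 2 and 3 (sender, link domains, and order number) can also be automated at a mail gateway or help desk. The sketch below is an added example, not part of the original post; the brand allowlist, the `examplemart.example` domains, the `#A-12345` order format, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions: brand allowlist; order numbers look like "#A-12345".
BRAND_DOMAINS = {"examplemart": {"examplemart.example"}}

def _belongs(host, domains):
    """True if host is an allowed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def _domain(header):
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def check_message(raw, known_orders):
    """Return reasons the message does not line up with a real order."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = f"{msg.get('From', '')} {msg.get('Subject', '')} {body}"
    brand = next((b for b in BRAND_DOMAINS if b in text.lower()), None)
    allowed = BRAND_DOMAINS.get(brand, set())
    findings = []
    sender = _domain(msg.get("From"))
    if brand and not _belongs(sender, allowed):
        findings.append(f"sender-domain-mismatch:{sender}")
    reply_to = _domain(msg.get("Reply-To"))
    if reply_to and reply_to != sender:
        findings.append(f"reply-to-mismatch:{reply_to}")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        if brand and not _belongs(host, allowed):
            findings.append(f"link-domain-mismatch:{host}")
    for order in sorted(set(re.findall(r"#([A-Z]-\d+)", text))):
        if order not in known_orders:
            findings.append(f"unknown-order:{order}")
    return findings

# Constructed sample messages (not real traffic).
SUSPICIOUS = (
    'From: "ExampleMart Orders" <support@examplemart-orders.example>\n'
    "Reply-To: help@mailbox.example\n"
    "Subject: There's a problem with your order #A-48213\n\n"
    "Confirm at https://examplemart.example.login-check.example/confirm\n")
LEGITIMATE = (
    'From: "ExampleMart" <orders@mail.examplemart.example>\n'
    "Subject: Your order #A-51877 has shipped\n\n"
    "Track it at https://www.examplemart.example/orders/A-51877\n")
```

Calling `check_message(SUSPICIOUS, {"A-51877"})` flags all four mismatches, including the link whose host merely begins with the brand's domain, while `LEGITIMATE` returns an empty list.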

 

4. “__X__ Gift Return Process”

Finally, watch out for any message offering to “help” you return gifts after the holidays. No brand or marketplace wants returns. Some brands are more open to helping with product and packaging defects, but they never invite you to return an item. These offers almost exclusively come from hackers (and if not hackers, shady post-retail services) that are looking to collect the personal information you might share while processing a return.

If you didn’t personally submit the return request, don’t assume an offer to expedite your returns is legitimate, no matter what platform or market they claim to represent. If this scam does appear, get in touch with your actual provider and let them know that their customers are being targeted.

If you have received one or more holiday hacks, protect yourself. Avoid sharing information or clicking anything that might contain malware. Links, files, and even response emails can be dangerous. Even if the hacker seems to have information or your order number, this information is often first stolen in bulk, then used to target individual shoppers. Don’t become a holiday scam statistic. Instead, become a bastion of security and help everyone you know avoid the usual wave of holiday scams as well.

For more insights on social hacking tactics and how to avoid them, contact us. Happy holidays!

 
