The Security for All “Twelve Days of Christmas” series concludes.
On the twelfth day of Christmas…
Twelve scams of Christmas
So thus ends the “Twelve Days of Christmas” series, with information from this article in Computing SA. While the article is clearly a McAfee promo peice, it still contains a lot of valuable information and good advice. Just remember they are hoping you will buy their stuff. One peculiar thing I noticed about the article is that the author must have a thesaurus that thinks “hacker”, “bad guy” and “attacker” are synonymous.
Bad Santas are making their lists and checking them twice, gearing up to rip off consumers online with common scams that take the happy out of the holidays.
- Charity phishing scams – The hackers send fictional e-mails that appear to be from well-known charitable organisations, such as the Red Cross, the Salvation Army, and Oxfam that direct consumers to fake Web sites designed to steal their money.
- E-mail Banking Scams – The bad guys send an official-looking e-mail that asks consumers to confirm account information, including their user name and password.
- Holiday e-cards – Scammers may send you an e-card that appears as if it’s coming from Hallmark asking you to download an attachment to pick up your e-card. However, the attachment isn’t really an e-card — it’s a Trojan.
- Fake invoices – The bad guys create a fake invoice or waybill and send it via e-mail as an attachment. Once the consumer opens the e-mail attachment there are a few variations: the recipient may be asked to confirm or cancel an order, they may be told that the parcel service was unable to deliver a package due to having an incorrect address, or the recipient may receive a customs notification about an international package.
- You’ve got a new friend! – Sadly, in some cases, after clicking on the notice, you NOT only do not have a new friend-you have downloaded malicious software that you can’t even detect. Of course, it’s designed to steal personal and financial information.
- Dangerous holiday-related search terms – When clicking on the results of a “free Santa download” search, in addition to the Christmas-themed screensavers, puzzles, and pictures you find, you also could be clicking on adware, potentially unwanted downloads, and spyware.
- Coffee shop cybercriminal – Attackers can jump on an unsecured wireless Internet connection with a packet sniffer to see what Web sites users are visiting, the passwords they are using, and what bank accounts they are accessing.
- Password stealers – Attackers go after passwords for banks and e-commerce sites, multi-player online role playing games, instant messaging and finally, social networking sites.
- Fraud via auction sites – Scammers use the increased activity of the holiday season to prey upon new victims.
- Holiday-themed mail attachments and spam – The bad guys know that e-mails with holiday-inspired subject lines are intriguing to most consumers.
- Online identity theft – Sites that store your personal information can be vulnerable to cybercriminals who hack in to steal your identity.
- Laptop Theft – The bad guys can take the merry out of your Christmas by outright stealing your laptop.
So there you have it. Twelve interesting, possibly useful, even entertaining lists. Okay eleven lists and some killer music. In any case, I hope you enjoyed it.
Happy Holidays from Security for All