In the lead up to Christmas, many IT managers are reminding their company’s employees about some of the top scams coming in their inboxes over the holiday season.
Along with the usual ‘free vouchers’, holiday refund scams and bogus shipping notices, this year, cybercriminals have jumped on the back of the excitement leading up to the release of the highly-anticipated film Star Wars: The Force Awakens.
Stu Sjouwerman, founder and CEO of KnowBe4 has outlined the top five attacks you and your employees should know about over the Christmas period:
1. Black Friday/Cyber Monday Specials
This time of year, online scams use a variety of lures to get unsuspecting buyers to click on links or open attachments. Bad guys build complete copies of well-known sites, send emails promoting great deals, sell products and take credit card information – but never deliver the goods.
Sites that seem to have incredible discounts should be a red flag. Remember that when a "special offer" is too good to be true, it usually is. For instance, never click on links in emails or popups with very deep discount offers for watches, phones or tablets. Go to the website yourself through your browser and check if that offer is legit.
2. Free Vouchers or Gift Cards
A popular holiday scam is big discounts on gift cards. Don't fall for offers from retailers or social media posts that offer phony vouchers or (Starbucks) gift cards paired with special promotions or contests.
Some posts or emails even appear to be shared by a friend (who may have been hacked). Develop a healthy dose of skepticism and "Think before you click" on offers for or attachments with any gift cards or vouchers!
3. Bogus Shipping Notices from UPS and FedEx
You are going to see emails supposedly from UPS and FedEx in your inbox that claim your package has a problem and/or could not be delivered.
Many of these are phishing attacks that try to make you click on a link or open an attachment. However, what happens when you do that is that your computer gets infected with a virus or even ransomware, which holds all of your files hostage until you pay $500 in ransom.
4. Holiday Refund Scams
These emails seem to come from retail chains or e-commerce companies such as Amazon or eBay claiming there's a "wrong transaction" and prompt you to click the refund link.
However, when you do that and are asked to fill out a form, the personal information you give out will be sold to cyber criminals who use it against you. Oh, and never, never, never pay online with a debit card, only use credit cards. Why? If the debit card gets compromised, the bad guys can empty your bank account quickly.
5. Phishing on the Dark Side
A new phishing email has begun circulating that tricks people into thinking they could win movie tickets for the highly-anticipated film, "Star Wars: The Force Awakens," due out on Dec. 18. However, the email is a phishing attack.
Leading up to the film’s release, and shortly after, you need to watch out for this social engineering attack and not fall for the scam.
In other Star Wars news, Disney will be releasing a Star Wars virtual reality experience designed for Google Cardboard.
The experience ties directly into the opening of The Force Awakens, and will be available through the official Star Wars app for iOS and Android.