Rudolph the Red Nosed Cybercriminal: Unveiling the Holiday Scams you need to watch out for.

The holiday season is the perfect opportunity for any tech-savvy criminal to strike. 

Picture this: It is the 21st of December and you have not yet bought your mother-in-law their favourite candle or your nephew the PlayStation game they have been eagerly requesting for months (although you personally think he should be on the naughty list). Like any concerned citizen, you rush to the internet and try to order the gifts. You take too long browsing, because you just can’t remember whether your mother-in-law would prefer the “Fresh-Cut Roses” or the “Flowers in the Sun” candle. So, in a moment of panic, you order both candles and pay extra for fast shipping. Your wallet is now 55 euros lighter, but fear not, the magical gifts are hurtling towards you like Santa on roller skates. 

The day after your hasty scented purchase, you receive a “missed delivery” warning by email.

Dear Sir,

We attempted to deliver you package at 09:34 on Friday, 22 December 2023 but no one was available.

Your parcel was returned to our depot and you need to reschedule your package delivery. 

The first delivery attempt was free of charge. To schedule a new delivery, a shipping fee must be paid.

Your action is required. If this item is unclaimed by the return date, then it will be returned to the sender. 

Your face turns red. How did you miss the delivery? You have been home all day! Nevertheless, you fill in your banking details with lightning speed and bravely face the fee. 

Little do you know, you have just fallen prey to a delivery notification scam. 

And while Kevin McCallister can easily defend his home against the Sticky Bandits through traps and tricks, it is harder for you to protect yourself against online scammers when you are unaware of the lurking threats.

To help you out, here are the top 12 scams you need to watch out for during the holiday season (but also the rest of the year):

Delivery notification scams

Delivery notification scams involve sending fake delivery notifications via email or text, which link to phishing websites created to steal personal information. Indeed, many delivery scams contain a “tracking link” that you are strongly encouraged to click on to update your delivery or payment preferences. It may also happen that you receive a voicemail message with a call-back number. These scams are used to prompt you to enter personal information, such as your home address or banking details, or to install malware on your electronic devices. Most frequently, individuals receive emails which claim that a customs fee or tax must be paid before the delivery can be made.

To avoid such scams, it is recommended to always use the official tracking tools of the retailer or post office and to refrain from clicking on unrelated links in emails or text notifications.

Phishing scams

Phishing scams are emails that often tell a story to trick individuals into clicking a link or opening an attachment. During the holiday season, Christmas-themed emails are sent containing fake charity requests, brand offers or surveys. These often lead to websites designed to steal your personal information. The danger of these emails lies in their adept crafting using advanced techniques such as AI, which renders them nearly indistinguishable from messages originating from reputable brands. So next time you receive a two-for-one deal on vintage watches from a famous luxury brand, think twice before clicking on the link.

Ad scams on social media

Ad scamming is a type of fraud that is often committed on social media networking sites. Scammers create fake profiles, befriend people, and send them links to malicious websites where their payment information will be stolen. These fraudsters also utilise the platforms to publish deceptive advertisements for exclusive or rare items, often offered at unusually low prices. 

URL spoofing and fake websites

URL spoofing can be best described as “the process of creating false or fake URLs which pose as another website”. The spoofed URL is hard to identify as it appears to be nearly identical to an actual URL. These fake URLs lead to bogus websites that mimic legitimate online retailers and steal your personal data or take your money for products that you will not receive. Hackers know that people pay much less attention to the content of a link than they do to the contents of a webpage. Common URL spoofing tactics include misspelling a link or using a URL shortener. 
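
The two tactics named above, misspelled links and URL shorteners, can be checked mechanically before a link is opened. The following Python is an added example, not part of the original article; the domains in OFFICIAL are constructed placeholders, the registered domain is approximated as the last two host labels, and the check for a real name used as a subdomain of another site goes slightly beyond the two tactics the text lists.

```python
from urllib.parse import urlsplit

# Constructed placeholders: replace with the retailers and couriers you use.
OFFICIAL = {"parcelpost.example", "candleshop.example"}
# A few well-known link shorteners; the real destination is hidden behind them.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def classify_link(url: str) -> str:
    """Label a link as official, shortened, lookalike, brand-in-host or unknown."""
    if "://" not in url:
        url = "//" + url  # let urlsplit find the host when the scheme is missing
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Assumption: registered domain = last two labels (no public-suffix list).
    domain = ".".join(host.split(".")[-2:])
    if domain in SHORTENERS:
        return "shortened"
    if domain in OFFICIAL:
        return "official"
    for good in sorted(OFFICIAL):
        if edit_distance(domain, good) <= 2:  # e.g. one swapped character
            return f"lookalike of {good}"
    for good in sorted(OFFICIAL):
        brand = good.split(".")[0]
        if brand in host:  # real name used as a subdomain of another site
            return f"brand-in-host ({brand})"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://www.parcelpost.example/track?id=1",
                 "https://parce1post.example/redeliver",
                 "https://bit.ly/3xYzAbC",
                 "http://parcelpost.example.tracking-fee.test/pay"):
        print(f"{classify_link(link):40} {link}")
```

A "shortened" or "unknown" result is not proof of fraud; it means the link cannot be tied to a site you trust, so the safer path is to type the retailer's address yourself.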

Charity fraud

During the holidays, most of us are spreading generosity like confetti. However, cybercriminals are quick to take advantage of our cheerful moods and set up fake charities for causes that appeal to you. Donations are often solicited through compelling emails or social media campaigns.

Travel scams

This one is aimed at those of us who would rather spend their holidays sipping cocktails on the beach in Bora Bora than drinking eggnog in the cold. Travelling comes at a price, especially during the holidays, which makes it the perfect opportunity for scammers to offer unrealistically cheap travel deals. These deals are offered through fake websites and phishing emails, and involve fake airline tickets, hotel bookings, etc.

Mobile app frauds

Deceptive mobile applications, frequently posing as authentic shopping apps, have the potential to steal your credit card information or compromise your device with malware. While these apps may be downloaded from the official app stores, they often have a very low number of downloads and are very badly rated. Maybe you don’t actually need that “Where is Santa Claus?” app…

Recommendation: Download the app directly from the retailer’s official website.

Gift card scams

Gift cards are very popular during the holidays. However, be wary of websites that offer “free gift cards” or sell discounted ones that have already been used. These fake cards are offered on unofficial websites or through social media ads.

It may also happen that you inadvertently give a real gift card to a scammer. This happens in cases where the criminals disguised as tech support ask you for the gift card number and PIN. This enables them to steal the funds you have loaded onto the card, even if you still possess the card physically. 

Bogus product reviews

These are positive reviews written by malicious actors on products that are either non-existent or substandard. These reviews have the power to make individuals trust the product when they are only a fraudulent tactic to make them buy it. The best thing to do is to note the timestamps of the reviews. If they have all been posted on the same day, it is probably best not to trust them. Additionally, be wary of identical phrasing in multiple reviews, and check whether they are referring to the right product.

Job offer scams

Job offers for seasonal positions are frequent during the holiday season to keep up with the influx of Christmas shoppers. To exploit this demand, scammers create fake job offers online to acquire an individual’s personal information and bank details. Commonly, scammers will ask for an applicant’s driver’s licence, ID or bank details when an individual submits their application. However, it is important to bear in mind that reputable employers are not likely to request government-issued IDs or bank account information at the application phase of the hiring process.

Malicious holiday e-cards

Another scam to look out for in your emails during the holiday season is the e-card scam. Cybercriminals send electronic greeting cards that contain malware, ransomware, or various other threats to one’s data. These e-cards often claim to be from someone you know and include a heartfelt message. Businesses and small companies are particularly vulnerable to such scams, where fraudsters disguise themselves as employers or employees sending cards to assess their ability to steal business information.

Hacked charging stations

Last but not least, as there is a surge in travel during the holiday season, scammers use this opportunity to steal travellers’ information through public Wi-Fi networks or by simply hacking public charging stations. Think about those charging spots in airports, in shopping centres or on buses and trains. They might be highly convenient for anybody travelling for an extended period of time, but they are just as convenient for cybercriminals, who can easily use these stations to install malware on devices and steal personal data.

Implementing good cyber hygiene is the solution when it comes to these 12 Christmas-themed scams. So be like Kevin, take proper precautions and put those cybercriminals on Santa’s naughty list!

Author: Maëlle Picout (TRILATERAL RESEARCH)

Review and contributions: Sarah Murray & Nikola Tomic (TRILATERAL RESEARCH)

References

  1. Think Business. “The 12 scams of Christmas to watch out for infographic.” Accessed December 21, 2023. https://www.thinkbusiness.ie/articles/christmas-scams-infographic/.
  2. Whitworth, Dan. “Warning Christmas shoppers may lose 100m in scams.” BBC News. December 13, 2023. https://www.bbc.com/news/business-67616952.
  3. Cliss, Sarah. “Cambridgeshire Police: The 12 frauds of Christmas.” Citizen Fenland. December 10, 2023. https://www.fenlandcitizen.co.uk/news/cambridgeshire-police-the-12-frauds-of-christmas-9343691/.
  4. An Garda Síochána. “Online Shopping Fraud Awareness-16th December 2022.” Accessed December 21, 2023. https://www.garda.ie/en/about-us/our-departments/office-of-corporate-communications/press-releases/2022/december/online-shopping-fraud-awareness-16th-december-2022.html.
  5. Gallagher, Conor. “Consumers urged to be wary of parcel delivery scams ahead of Christmas.” The Irish Times. December 11, 2023. https://www.irishtimes.com/news/crime-and-law/consumers-urged-to-be-wary-of-parcel-delivery-scams-ahead-of-christmas-1.4434362.
  6. Wood, Zoe. “Christmas shoppers warned over ‘missed delivery’ scams.” The Guardian. December 18, 2023. https://www.theguardian.com/money/2023/dec/18/christmas-shoppers-warned-over-missed-delivery-scams.
  7. Turner, Nathan. “12 Christmas Scams to Watch Out for This Holiday Season.” Internxt. November 30, 2023. https://blog.internxt.com/holiday-scams/.
  8. Federal Communications Commission. “How to identify and avoid package delivery scams.” Accessed December 21, 2023. https://www.fcc.gov/how-identify-and-avoid-package-delivery-scams.
  9. Federal Trade Commission Consumer Advice. “How to recognise and avoid phishing scams.” Accessed December 21, 2023. https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams.
  10. Masjedi, Yaniv. “The Worst Social Media Scams of 2023 & How to Avoid them.” AURA. December 5, 2023. https://www.aura.com/learn/social-media-scams.
  11. USAgov. “Top scams to watch out for in 2023.” Accessed December 21, 2023. https://www.usa.gov/features/top-scams-2023.
  12. Santos, Bekah. “What is URL spoofing? Everything you need to know.” IPVanish. March 10, 2023. https://www.ipvanish.com/blog/url-spoofing/.
  13. Federal Trade Commission Consumer Advice. “Avoiding and reporting gift card scams.” Accessed December 21, 2023. https://consumer.ftc.gov/articles/avoiding-and-reporting-gift-card-scams.
  14. Consumer Reports. “How to spot fake online reviews.” July 4, 2023. https://www.consumerreports.org/money/customer-reviews-ratings/how-to-spot-fake-online-reviews-a1345282053/.
  15. Benny, Alina. “20+ Early Warning Signs That All Point to a Job Scam in 2023.” AURA. June 7, 2023. https://www.aura.com/learn/how-to-identify-job-scams.

Photo sourced from Canva.com