After checking it twice, McAfee today released its list of the “12 Scams of Christmas” to raise awareness and warn consumers of online scams designed to steal their money, personal information, or identities.
Cybercriminals know that people are spending more time online preparing for shopping adventures and vacation extravaganzas, and they’re trying to capitalize on holiday cheer by lying, cheating, and stealing. Amidst all the excitement and mayhem of holiday activities, it’s easy to fall prey to their scams. McAfee seeks to educate consumers on the dangers that await them, and this list details the myriad creative tactics employed by cybercriminals this year, ranging from phony Facebook promotions and contests to holiday phishing scams, from online coupon cons to hotel “wrong transaction” malware emails.
Additionally, check out this blog post from Brenda Moretto, Manager of Canadian Consumer Sales at McAfee, which provides tips on how consumers can avoid being victimized:
McAfee Warns Consumers of the “12 Scams of Christmas”
Cybercriminals Work Overtime During Holiday Season, New Threats Hit Mobile, Email and the Web
MARKHAM, Ontario, Nov. 9, 2011 – ‘Tis the season for consumers to spend more time online shopping for gifts, looking for great holiday deals on new digital gadgets, planning vacations and of course, using online or mobile banking to make sure they can afford it all. But before logging on from a PC, Mac or mobile device, consumers should look out for the “12 Scams of Christmas,” the dozen most dangerous online scams this holiday season as revealed today by McAfee.
“It’s the time of year when retailers ramp up their online efforts, and cybercriminals are doing the same,” said Brenda Moretto, Manager of Canadian Consumer Sales at McAfee. “Whether they’re making travel plans, shopping for gifts and bargains, or connecting with friends on social media sites, consumers are increasing the amount of time they spend giving away information online. What’s more, the vast majority of them don’t have security protection on their Internet-enabled devices, despite using them heavily during the holiday season. Consumers need to stay one step ahead of the cybercriminals with complete protection for all of their devices in order to avoid giving the bad guys the biggest gift of all – their personal and financial information.”
McAfee’s List of the 12 Scams of Christmas
1. Mobile Malware – Malware targeted at mobile devices is on the rise, and Android smartphones are most at risk. In its Q2 2011 Threats Report, McAfee cited a 76 per cent increase in malware targeted at Android devices as compared to the previous quarter, making it the most targeted smartphone platform.1
Additionally, security experts have recently found new malware that targets QR codes, a digital barcode that consumers might scan with their smartphone to learn about products they want to buy or find good deals holiday shopping deals.
2. Malicious Mobile Applications – These are mobile apps designed to steal information from smartphones or send out expensive text messages without a user’s consent. Dangerous apps are usually offered for free and masquerade as fun applications, such as games. For example, last year, 4.6 million Android smartphone users downloaded a suspicious wallpaper app last year that collected and transmitted user data to a foreign and suspicious site.
3. Phony Facebook Promotions and Contests – Who doesn’t want to win some free prizes or get a great deal around the holidays? Cyberscammers know that these are attractive lures and they have sprinkled Facebook with phony promotions and contests aimed at gathering personal information.
A recent scam advertised two free airline tickets, but required participants to fill out multiple surveys requesting personal information. Once collected, this information was given to telemarketers.
4. Scareware, or Fake Antivirus software – Scareware is the fake antivirus software that tricks users into believing that their computer is at risk or is already infected, so they agree to download and pay for phony software. With an estimated one million victims falling for this scam every day, this is one of the most common and dangerous Internet threats. In October 2010, McAfee reported that scareware represented 23 per cent of all dangerous Internet links, and this percentage is expected to rise during the holiday season.
5. Holiday Screensavers -Bringing holiday cheer to your home or work PC sounds like a fun idea to get into the holiday spirit, but be careful. A recent search for a Santa screensaver that promises to let you “fly with Santa in 3D” is malicious. Holiday-themed ringtones and e-cards have been known to be dangerous as well.
6. Mac Malware – Until recently, Mac users felt pretty insulated from online security threats, since most were targeted at PCs. But with the growing popularity of Apple products, for both business and personal use, cybercriminals have designed a new wave of malware directed squarely at Mac users. According to McAfee LabsTM, as of late 2010, there were 5,000 pieces of malware targeting Macs, and this number is increasing by 10 per cent month on month.
7. Holiday Phishing Scams – Phishing is the act of tricking consumers into revealing information or performing actions they wouldn’t normally do online. Cyberscammers know that most people are busy around the holidays so they tailor their emails and social messages with holiday themes in the hopes of tricking recipients into revealing personal information.
● A common holiday phishing scam is a phony notice from a local courier service stating that you have a package and need to fill out an attached form to get it delivered. The form may ask for personal or financial details that will go straight into the hands of the cyberscammer.
● Banking phishing scams continue to be popular and the holiday season means consumers will be spending more money and checking bank balances more often. From July to September of this year, McAfee Labs identified approximately 2,700 phishing URLs per day.
● Smishing – SMS phishing remains a concern. Scammers send their fake messages via a text alert to a phone, notifying an unsuspecting consumer that his bank account has been compromised. The cybercriminals then direct the consumer to call a phone number to get it re-activated and collects the user’s personal information including social insurance number, address and account details.
8. Online Coupon Scams – Couponing has become wildly popular and there’s nothing better than a deal during the holidays. Scammers know that by offering irresistible online coupones, they can convince people to hand over some of their personal information.
● One popular scam is to lure consumers with the hope of winning a “free” iPad. Consumers click on a “phishing” site, which can result in email spam and possibly dealing with identify theft.
● Consumers are offered an online coupon code and once they agree, are asked to provide personal information, including credit card details, passwords and other financial data.
9. Mystery Shopper Scams – Mystery shoppers are people who are hired to shop in a store and report back on the customer service. To many consumers, this sounds like a great way to make a little extra cash during the holidays. Cyber scammers use this opportunity as a way to lure people into revealing personal and financial information. There have been reports of scammers sending text messages that offer to pay $50 an hour for mystery shoppers to unsuspecting victims, and instructing them to call a number if they are interested. Once the victim calls, they are asked for their personal information, including credit card and bank account numbers.
10. Hotel “Wrong Transaction” Malware Emails – Many people travel over the holidays, so it’s no surprise that cybercriminals have designed travel-related scams in the hopes of enticing people to click on dangerous emails. In one recent example, a scammer sent out emails that appeared to be from a hotel, claiming that a “wrong transaction” had been discovered on the recipient’s credit card. It then asked them to fill out an attached refund form. Once opened, the attachment downloaded malware onto their machine.
11. “It” Gift Scams – Every year there are hot holiday gifts, such as toys and gadgets, that sell out early in the season. Gift-givers sometimes become desperate to obtain the “it” gift and they search high and low for it online. When a gift is hot, scammers will advertise these gifts on rogue websites and social networks, even if they don’t have them. Consumers thus wind up paying for an item and giving away credit card details only to receive nothing in return. Once the scammers have the personal financial details, there is little recourse.
12. “I’m away from home” Scammers – A lot of consumers will travel over the holidays without realizing that posting information about their absence on social networking sites could actually be dangerous. Some users are connected on Facebook and other social networking sites with people they don’t know. There is always the possibility that they will view status updates about being away on vacation as invitations to rob their homes, especially since quick online searches can easily turn up their home address.
“Cybercriminals are becoming more creative with the ways they try to steal money and personal data,” said Moretto. “Consumers need to stay on top of securing all of their devices as well as being cautious about providing personal information.”
How to Protect Yourself
According to a recent Leger Marketing survey commissioned by McAfee Canada, only 21.6 per cent of Canadians believe they are protected from the increasing number of threats on the Internet.2 Internet users can protect themselves from cybercrime with the following quick tips from McAfee:
● Only download mobile apps from official app stores, such as iTunes and the Android Market, and read user reviews before downloading them.
● Be extra vigilant when reviewing and responding to emails.
● Watch out for too-good-to-be-true offers on social networks (like free airline tickets). Never agree to reveal your personal information just to participate in a promotion.
● Don’t accept requests on social networks from people you don’t know in real life. Wait to post pictures and comments about your vacation until you’ve already returned home.
Be sure you have active, comprehensive protection for all of your devices. McAfee® All Access is the only product that lets you protect a wide variety of Internet-enabled devices, including PCs, Macs, smartphones, tablets and netbooks, for one low price for individuals and families. To learn more, visit http://home.mcafee.com/store/all-access-security.
Special offer from McAfee
As millions of consumers begin to search and shop online during this holiday season, McAfee understands the importance of being aware of cybercriminals’ tactics and knowing how to stay protected from identity theft and online fraud.
From November 9 – 15, McAfee will be offering a complimentary PDF copy of a new book on www.facebook.com/mcafee called 99 Things You Wish You Knew Before®… Your Identity Was Stolen, authored by identity theft expert Robert Siciliano. The book will be available in print, ePub and PDF, and can be found on Amazon, Amazon Kindle, the Sony eBook Store, and at http://www.99-series.com/store.html from $5.9 9-$14.97.
In the book, Robert organizes, simplifies and demystifies the entire issue of identity theft and computer fraud into bite-size chunks to help consumers, families, employees and small businesses secure themselves and their assets. Consumers will learn the differences between scareware, ransomware and spyware; about the types of cybercriminals, such as a Black Hat, Cracker, Script-kiddie and Hacktivist; and how to protect their identity online and in the physical world.
● For the complete 12 Scams of Christmas article, go to https://blogs.mcafee.com/consumer/12-scams-of-the-holidays-do-not-let-cybercriminals-steal-your-holiday-spirit
● Web surfers should visit the McAfee Security Advice Center and Facebook page at www.facebook.com/mcafee for information on the latest threats, and tips on surfing safely.
● VIDEO: A New World of Threats
● VIDEO: History of Malware
1 McAfee: McAfee Threats Report: Second Quarter 2011. August, 2011.
2 The online survey of 1,500 Canadians, 18 years of age or older, was completed over the period May 24 – 26, 2011 by Leger Marketing. A probability sample of the same size would yield a margin of error of +/-2.5 per cent, 19 times out of 10.
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world’s largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse and shop the Web more securely. Backed by its unrivaled Global Threat Intelligence, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security.
McAfee is relentlessly focused on constantly finding new ways to keep our customers safe. http://www.mcafee.com
McAfee Canada is headquartered in Markham, Ontario, with regional offices across Canada. The company’s Consumer Software Research and Development facility is based in Waterloo, Ontario.
Note: McAfee is a registered trademark or trademark of McAfee, or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others. © 2011 McAfee All rights reserved. The product plans, specifications and descriptions herein are provided for information only, subject to change without notice, and without warranty of any kind, express or implied.