As we ramp up on the holiday season, many of us are turning to the Internet to shop for gifts, plan travel, and catch up with friends and family. But as we shift into holiday planning, we must not forget that cybercriminals are also excited for the season and are using creative means by which to steal our personal information and financial data.
According to a recent McAfee-commissioned study, 46 per cent of Canadians say they have encountered malicious activity while shopping online. To educate consumers on the most common online scams that criminals use during the holiday season, McAfee today released its annual “12 Scams of Christmas” list as well as a few safety tips.
As you head online this holiday season, McAfee wants to ensure that you are aware of the 12 Scams of Christmas, the most dangerous online scams expected to harm consumers during the holidays.
McAfee Study Finds Nearly Half of Canadians Have Encountered Malicious Activity While Shopping Online
McAfee spotlights “12 Scams of Christmas” to keep consumers’ digital lives safe
MARKHAM, ON, Nov. 12, 2013 – According to a McAfee-commissioned study from November 2013, 46 per cent of Canadians say they have encountered malicious activity while shopping online. As the holiday season ramps up and shoppers surf online to find holiday gifts, McAfee today released its annual “12 Scams of Christmas” list to educate the public on the most common scams that criminals use during the holiday season to take advantage of consumers as they shop for presents on their digital devices. Cybercriminals leverage these scams to steal personal information, earn fast cash, and spread malware.
This year, holiday shopping sales in Canada are expected to grow by 2 to 2.5 per cent . Online holiday shopping will comprise 18.9 per cent of holiday budgets . Given that consumers in Canada place a value of $32,000 on assets stored on their digital devices (globally, it’s more than $35,000) , they should ensure they are taking all precautions to protect the data saved on their devices. This is especially true for the 47 per cent of Canadian adults who use the Internet as their main means of banking and 19 per cent that use mobile banking .
Sixty six (66) per cent of Canadians say they are concerned about surfing the Internet1. With that in mind, consumers need to be aware of what information they are sharing, the money they are spending, and the way they are engaging across the digital landscape to make sure their identities and valuable information remain safe.
“The potential for identity theft increases as consumers share personal information across multiple devices that are often under protected,” said Michelle Dennedy, vice president and chief privacy officer at McAfee. “Understanding criminals’ mindsets and being aware of how they try to take advantage of consumers can help ensure that we use our devices the way they were intended – to enhance our lives, not inhibit them.”
To help consumers stay alert for greedy Grinches as they surf the Web for holiday travel deals and seek out gifts for their loved ones, McAfee has identified this year’s top “12 Scams of Christmas”:
1) Not-so-merry Mobile Apps—Official-looking software for holiday shopping, including those that feature celebrity or company endorsements, could be malicious, designed to steal or send out your personal data. Criminals can redirect incoming calls and messages, offering them the chance to bypass two-step authentication systems where the second step involves sending a code to a mobile device.
2) Holiday Mobile SMS Scams — FakeInstaller tricks Android users into thinking it is a legitimate installer for an application and then quickly takes advantage of the unrestricted access to smartphones, sending SMS messages to premium rate numbers without the user’s consent.
3) Hot Holiday Gift Scams — Advertisements that offer deals on must-have items, such as PS4 or Xbox One, might be too good to be true. Clever crooks will post dangerous links, phony contests on social media sites, and send phishing emails to entice viewers to reveal personal information or download malware onto their devices.
4) Seasonal Travel Scams — Phony travel deal links and notifications are common, as are hackers waiting to steal your identity upon arrival. When logging into an infected PC with an email username and password, scammers can install keylogging spyware, keycatching hardware, and more. A hotel’s Wi-Fi may claim that you need to install software before using it and instead infect your computer with malware if you “agree.”
5) Dangerous E-Seasons Greetings — Legitimate-looking e-cards wishing friends “Season’s Greetings” can cause unsuspecting users to download “Merry Malware” such as a Trojan or other virus after clicking a link or opening an attachment.
6) Deceptive Online Games — Before your kids are glued to their newly downloaded games, be wary of the games’ sources. Many sites offering full-version downloads of Grand Theft Auto, for example, are often laden with malware, and integrated social media pages can expose gamers, too.
7) Shipping-notifications Shams — Phony shipping notifications can appear to be from a mailing service alerting you to an update on your shipment, when in reality, they are scams carrying malware and other harmful software designed to infect your computer or device.
8) Bogus Gift Cards — An easy go-to gift for the holidays, gift cards can be promoted via deceptive ads, especially on Facebook, Twitter, or other social sites, that claim to offer exclusive deals on gift cards or packages of cards and can lead consumers to purchase phony ones online.
9) Holiday SMiShing — During the holidays, SMiShing is commonly seen in gift card messages, where scammers pose as banks or credit card companies asking you to confirm information for “security purposes.” Some even include the first few digits of your credit card number in the SMS message to fool you into a false sense of safety.
10) Fake Charities — Donating to charities is common this time of year for many looking to help the less fortunate. However, cybercriminals capitalize on this generosity, especially during natural disaster events, and set up fake charity sites and pocket the donations.
11) Romance Scams — With so many niche dating sites now available to Internet users, it can be difficult to know exactly who the person is behind the screen. Messages sent from an online friend can include phishing scams, where the person accesses your personal information such as usernames, passwords, and credit card details.
12) Phony E-tailers—The convenience of online shopping does not go unnoticed by cyber scrooges. With so many people planning to shop online, scammers set up phony e-commerce sites to steal your money and personal data.
“Tis the season to be wary, and as we shift into holiday-planning and shopping mode, we must not forget that we are not alone – cybercriminals are lying in wait,” said Brenda Moretto, Canadian Consumer Manager at McAfee. “They’re armed and ready to steal personal information and financial data shared on devices that are underprotected from malware, and they’re incredibly creative with the ways in which they go about doing it. One of the best methods of protecting yourself and your loved ones is to be proactive about your online safety by being aware of how they are trying to take advantage of you this holiday season.”
To keep consumers protected and ensure a happy holiday season, McAfee has shared additional safety tips:
● Review Apps
Review mobile apps carefully before downloading. Check the comments section and confirm the app’s legitimacy directly with the parties that the software claims are involved.
o Double-check that the “download” button is legitimate when attempting to install new apps on your phone.
o Use antivirus software and learn more about FakeInstaller here.
● Deals and Steals
If an offer seems too good to be true, it probably is. Purchase directly from the official retailer rather than from third parties online.
o Do your best to verify “low” prices on this season’s biggest sellers.
o Check gift cards that you receive for suspicious misspellings in the sender’s name or the name of the card company itself. Double-check IP addresses on the sites you use for shopping and look at customer reviews to verify an e-tailer’s legitimacy.
o Always check the domain name on shipping notification alerts and be cautious of any that you receive when you have not sent a package or requested them.
o Only download or buy games from reputable websites.
o Check in with retailers about the legitimacy of a deal you see advertised and talk to your children about how to spot and avoid online potential scams.
● Research Before Sharing
Banking and credit card companies should never ask you for personal information via text message. If you receive such a message, contact your bank directly via phone, secure website, or in-person. Some other specific examples include the following:
o Log on to trustworthy dating sites when looking for love online and be wary about sharing personal information of any kind to websites or individuals you encounter online.
o Do background research on the charity to which you’d like to donate and think before sharing any type of personal information on a website that looks suspicious.
● Be Cautious When Travelling
Before traveling, make sure all of the security software on your digital devices are up-to-date and run virus scans. If you’re asked for a username and password after clicking a link, try using a fake input on the first login attempt. The extra few seconds it takes to load confirms that the page is actually looking for valid username/password combinations; scam sites will let you right in.
If you do plan to search for deals online, use apps or open those shopping-related emails, make sure your entire household’s devices have protection, such as McAfee LiveSafe™, which protects all devices from your PCs, Macs, and tablets to your smartphone. It also includes malware detection software, McAfee® Mobile Security, to protect your smartphones or tablets from all types of malware. This app also guards you from the latest mobile threats and risky apps, offers enhanced privacy and backup features, location tracking and the SiteAdvisor® technology to help you steer clear of dangers when searching on a mobile device.
Additional Resources
● McAfee 12 Scams of Christmas List and Tips for Consumers to Stay Safe, go to: www.mcafee.com/12scams
● Infographic and Robert Siciliano’s thoughts on the latest scams:
https://blogs.mcafee.com/consumer/12-scams-of-holidays
● Michelle Dennedy’s article:
https://blogs.mcafee.com/consumer/family-safety/2013-holiday-online-scams
● Video: http://www.youtube.com/watch?v=DeS8z76hGdY&feature=youtu.be
● McAfee Canada resource site containing security information, statistics and access to McAfee surveys and studies: “The State of Consumer and Enterprise Security in Canada”
(http://mcaf.ee/canadastats)
About McAfee
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), empowers businesses, the public sector and home users to safely experience the benefits of the Internet. The company delivers proactive and proven security solutions and services for systems, networks, and mobile devices around the world. With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique Global Threat Intelligence network, McAfee is relentlessly focused on keeping its customers safe. http://www.mcafee.com.
McAfee Canada is headquartered in Markham, Ontario, with regional offices across Canada. The company’s Consumer Software Research and Development facility is based in Waterloo, Ontario.
Note: McAfee is a registered trademark of McAfee, Inc. in the United States and other countries. Other names and brands may be claimed as the property of others.
