The holidays are a time of giving gifts to family, friends, and those in need. Unfortunately, this is also when people and businesses become more susceptible to scams designed to trick them out of their money and/or to obtain their sensitive information.
In this blog post, we'll discuss four of the most common holiday-themed scams and how you can avoid falling victim.
1. Bogus charities
During the holidays, many individuals and businesses feel extra generous and want to donate to charities. Scammers exploit this generosity by setting up fake donation websites or contacting potential donors directly, pretending to be a legitimate charity. They may even use names similar to real charities to make their scam more believable.
That's why you should donate only to charities that you know and trust. If you're unsure whether a charity is legitimate, you can check them out on sites like Charity Navigator and GiveWell. You can also look at the charity's website to see how they plan to use the donations. If they haven't disclosed where the money will go, it's likely a scam.
Moreover, use a credit card instead of a debit card when donating online. This way, you can ask your credit card provider to reverse the charges in case the charity turns out to be a fraud.
2. Phishing emails
In a phishing scam, cybercriminals send emails where they pretend to be a legitimate company or individual. These emails usually contain a link that takes you to a spoofed website where you're asked to input personal information, such as your Social Insurance Number or credit card details.
During the holidays, phishing emails usually revolve around these themes:
Fraudulent travel packages
Pretending to be a hotel, resort, or travel agency, cybercriminals send out emails with links to spoofed travel sites that offer exclusive holiday travel packages. To view these packages, victims must provide their personal information.
Bogus online purchases
This scam involves emails that claim to be from Amazon, PayPal, or other eCommerce organizations. The message confirms the victim's supposed online order and instructs the victim to click the embedded link to dispute or cancel the order. However, after clicking on the link, the victim is prompted to enter their personal information to prove their identity. If a user inputs their credentials, cybercriminals can use the information to steal the victim’s identity or make fraudulent transactions.
Fake delivery notifications
In this phishing scam, the victim gets a message that looks like it's from the Canada Post, Purolator Courier (Canadian postal & courier services), or FedEx, notifying them of a failed delivery attempt or delayed shipment. The message usually contains a link that goes to a fake website where the victim can supposedly track the package's location. But before they use the tracker, they must first input their personal information.
To defend against phishing scams, look out for these telltale signs:
- Wrong spelling in the sender's email address (e.g., @amaz0n.ca instead of @amazon.ca)
- Generic greetings (e.g., Dear Sir or Madam) instead of your name
- Poor grammar or spelling anywhere in the email
- Message instilling a sense of urgency
- Link that directs you to a site that asks for your personal information
What’s more, never click on the links or use the contact details in the email. If you want to verify the sender's authenticity, go to the supposed sender’s official website to get their correct contact details.
Read also: COVID-19 phishing attacks
3. Fraudulent eCommerce sites
When looking for holiday gifts online, be wary of fake online shopping sites. These websites usually have discounts and deals that are too good to be true. Once you input your credit card information and hit the checkout button, your money will go into the cybercriminals' pockets.
That's why it's best to shop only on reputable sites. You should also be on the lookout for red flags that indicate a fake eCommerce site:
- The site's URL doesn't have "HTTPS," which means the site doesn't use encryption protocols to safeguard your personal information.
- There are no customer reviews.
- The contact information is incomplete or nonexistent.
- The website has grammatical or spelling errors.
When in doubt, don't hesitate to reach out to the supposed retailer directly to ask about the website. Use their contact number or email address, which you can find on their official website.
Always use the supposed company's contact number or email address, which you can find on their official website.
4. Fake temporary job listings
Since many people look for seasonal work during the holidays, scammers post fake job listings online, promising high pay with little to no experience required. After victims provide their personal information to apply for these jobs, they never hear back from the alleged employer because the "employer" was just after the applicants' information.
To avoid falling for this scam, apply for jobs only on legitimate job sites, such as Indeed and LinkedIn. Make sure to also research the company beforehand to see if it's a real business.
The best way to safeguard your business from these and other scams is by partnering with Quicktech. Our cybersecurity experts can significantly improve your security posture. Book a FREE consultation with us today.