With Black Friday and Cyber Monday under our belts, the 2013 holiday shopping season is officially in gear. It's the time of year for finding great gift bargains, helping people in your community, traveling to visit family and friends, and more. Cyber criminals also love the holidays, and they're poised with an arsenal of attacks, ready to spoil your holiday cheer.
You're probably familiar with the song The Twelve Days of Christmas. That's the song where the person ends up with 12 partridges in 12 pear trees by the time all is said and done, along with some random collection of maids-a-milking, lords-a-leaping, and drummers drumming, among other things. Well, McAfee compiled its own security-themed version called The 12 Scams of Christmas.
Here is a quick rundown of the 12 scams:
- Not-So-Merry Mobile Apps
- Holiday Mobile SMS Scams
- Hot Holiday Gift Scams
- Seasonal Travel Scams
- Dangerous E-Seasons Greetings
- Deceptive Online Games
- Shipping Notifications Shams
- Bogus Gift Cards
- Holiday SMiShing
- Romance Scams
- Phony E-Tailers
Most of the scams listed by McAfee are not unique to the holidays per se. There are fake shipping notifications, malicious apps, shady deals, and phishing attacks on any given day. What makes the holidays unique is that there are so many more legitimate emails, text messages, deals, and bargains, and people are so aggressively looking for holiday-related deals, so the opportunity for cyber criminals is exponentially greater.
You can visit the McAfee 12 Scams of Christmas page for more detailed description of each of the scams. All 12 are relevant threats, but the ones that seem to stand out as the biggest risk are those related to great deals on hot gift items, awesome holiday travel bargains, gift card scams, and fake or spoofed holiday charities.
During the holidays, it's more important than ever to use security best practices, and exercise a healthy dose of common sense. As a rule, if it sounds too good to be true, it probably is. No matter how much you wish it were true, retailers like Best Buy and Walmart are not in the habit of just randomly handing out free gift cards worth hundreds of dollars for the holidays, and you aren't going to find roundtrip airfare to Europe for $100. Of course, there are a number of legitimate bargains to be found, and that's what complicates things this time of year.
There are three things IT admins should do to guard company networks and data against these holiday cyber scams. First, double-check your password and security policies to make sure they're adequate. Second, make sure all platforms and applications are patched, and that your antimalware and other security software are up to date. Most attacks rely on exploiting known vulnerabilities, so this one step can help you identify and block many threats.
Finally, the most important step—make sure users are aware of the increased threat. Remind users to be suspicious by default, and practice safe shopping. Only visit credible, reputable websites, and don't open email attachments or click on links from unknown sources.
With some common sense and basic security practices, you can avoid most threats, and enjoy the holiday season without becoming a victim of the 12 Scams of Christmas.