• United States



by Senior Editor

7 Scrooge-worthy scams for the holidays

Dec 13, 20107 mins
CybercrimeDLP SoftwareHolidays

All crooks want for Christmas is to steal your money and sensitive information. Security experts give tips on how to avoid a holiday-themed highjinx.

The holiday scam season is upon us.

For Beth Jones, a senior threat researcher with Sophos, this time of year means an upswing in fraudulent activity online. Between malware authors looking to infect machines, and identity thieves hoping to con consumers out of credit card information, this is the prime month for behavior that qualifies for the naughty list.

“The two-week mark before Christmas is when things start to ramp up out of control,” said Jones. “Spammers and malware authors focus on when the attention is going to be there. That’s generally two weeks before a holiday.”

Read about other common social engineering scams and how to detect them

And you don’t need to be shopping online to get caught in one of their traps. Even checking out email or spending time on Facebook and Twitter has its risks for the unaware. Here are seven holiday humbugs to avoid.

Holiday scam 1: “Free iPad giveaway!”

Apple’s recently-released iPad is a popular item this holiday season, so naturally criminals are using that to hook people.

I have seen so many ‘Get a free iPad by filling out a survey’ ads already,” said Jones. “Kinect (for the gaming system Xbox 360) is the other one.”

But usually these offers are just a ploy to get you to a site where you are typically asked for credit card numbers ‘to cover a small shipping charge’ or other sensitive information in order to receive the prize. Your credit information is used by the con artist for nefarious purposes, and you get nothing. Stay away from these kinds of offers, said Jones.

“Apple is not going to give out a free iPad. They are not going to authorize anyone to give out a free iPad.”

Researchers at McAfee Labs also found this ruse running rampant on Facebook and Twitter.

“In the social media version of the scam, users take a quiz to win a free iPad and must supply their cell phone number to receive the results. In actuality they are signed up for a cell phone scam that costs $10 a week. “

Holiday scam 2: Fake gift cards

“There seems to be a big-affiliate scam going around of free gift cards,” noted Jones.

But these gift card offers are really just an identity theft gimmick in disguise with the goal of stealing your information to sell if off for profit. Avoid them. Retailers are not giving out free gift cards just because you fill out a survey.

McAfee researchers said “One recent Facebook scam offered a ‘free $1,000 Best Buy gift card’ to the first 20,000 people who signed up for a Best Buy fan page, which was a look-a-like. To apply for the gift card they had to provide personal information and take a series of quizzes. “

Holiday scam 3: Stripped gift cards

Gift cards have become a common go-to present for many folks. But now criminals have figured out a way to render them worthless, according to Tom Browning, vice president of corporate compliance and Chief Security Officer with AlliedBarton.

“With the gift cards, the mission is to sell, sell, sell,” said Bornwing. “So they are displayed in places that are easily accessible to people. You’ll often see these things right on a front counter or in a display rack in a grocery store.”

But their accessibility also makes it easy for criminals to take advantage. Browning said many use a scanner that can be purchased cheaply to read the code behind the magnetic or scratch-off strip on the back of the card. With that, and the card number on the front, they can steal the value of the card. This leaves the buyer who purchased the card legally with a worthless piece of plastic.

Even if a card isn’t preloaded, a thief can steal the card number and security code and call the 800 number shown on the card every few days to check the balance. Once a shopper purchases the card and loads it with a dollar amount, the thief can spend it before the purchaser does, said Browning.

Browning advises trying to safeguard any gift cards you purchase by buying them from stores which keep them behind a register. He also recommends checking with the cashier when purchasing the card to ensure there is a valid balance before you leave the store. And look over the card yourself, he said. Does it have creases or markings? Is the strip on the back in perfect condition? If the card looks at all suspicious, pass it up.

“I wouldn’t say don’t purchase any gift card,” said Browning. “They make a great gift alternative. But the chance that they have been tampered with when they are out in a place accessible to everyone is high. Hold yourself accountable by taking the proper precautions before you buy.” (Also see Facebook sues over free gift card, dislike button scams.

Holiday scam 4: “You’re preapproved for this credit card!”

In tough times, consumers may be particularly vulnerable to this one since credit is difficult to obtain for folks without a job or with bad credit. But these credit offers are often advance credit schemes, according to McAfee Labs. Such offers arrive in the form of spam emails advertising prequalified, low-interest loans and credit cards if the recipient pays a processing fee—which then goes directly into the scammer’s pocket.

Holiday scam 5: Bad e-cards

Malware-laden e-cards are a “holiday tradition in and of itself now,” said Jones. She traces it back several years, but recalls a really bad year in 2007.

“They (malware authors) were sending out variants for a botnet called ‘Dorf’ that year,” she said “We made a lot of jokes about Santa and his Dorfs.”

But it’s not very funny when you receive what looks like an e-greeting from a friend and instead end up with a computer infection. Unfortunately, said Jones, it is best just to avoid opening it unless you can get absolute confirmation from the card’s supposed source.

“It’s gotten to the point where it’s so easy to spoof that you really do need to exercise caution. I would email the friend and ask ‘Did you actually send me this?’ just as you would with any unexpected attachment from a friend.”

Links to opportunities for job offers abound on Twitter. Cash-strapped users looking for some help with income this holiday season may find the offers too good to ignore. But McAfee researchers say most are scams that serve up dangerous links that ask for your personal information, such as your email address, home address and Social Security number to apply for the fake job.

And holiday sales, while common and often legitimate, are also easy ways to send bad links, said Jones.

“Make sure you check shortened links before you click on them,” she advised. “Bitly, for example, offers a service to preview where the link is going if you add a plus sign to the end of the link you’re questioning.”

Holiday scam 7: Fake charities

Some estimates put the number of fake profiles on Facebook at as high as 40 percent. And it isn’t just individual profiles that are created fraudulently. Fake business pages are also a problem on the social network site. And fake charity pages are a holiday-season hazard as generous givers look for a place to put their donation.

If you want to ensure you are donating to the legitimate charity, seek out the organization’s site directly, said Jones. And ignore all email solicitations for donations, as well as the links the messages may contain.

“Charities typically do not randomly sell emails looking for donations,” said Jones. “Most still prefer snail mail.”