Holiday Scams: Avoiding the 12 Hacks of Christmas

Holiday Cyber Crime the 12 Hacks of Christmas

The holiday season is filled with joy, family… and, unfortunately, cyber crime. Along with all the pleasant reasons to look forward to the season, there is increasing cause to be wary as cyber crime ramps up every year right alongside holiday spending.

Unfortunately, cyber criminals know people are spending more time online and are rushed to get their shopping done, so they capitalize on the opportunity to target unsuspecting consumers.

That means it’s a great time to highlight common attacks so you know what to avoid through the holidays and into the new year.

How Scams Work: The Tactics

Cyber criminals don’t have to pick and choose tactics. They can throw everything at you at once in the hopes that you let your guard down (or click before you think) just once and open the door. But here are the most common tactics in use today:

  • Phishing. These are fake emails with a variety of messages designed to entice you to click through to a fake website or other link that steals your credentials (username and password) or downloads malware onto your computer. Common examples include prompts that your order has been delayed or canceled or high-cost purchases that will have been charged to your card with a request to contact them if the purchase is fraudulent.
  • Vishing. These are fake phone calls – sometimes robocalls, but also real people who seemingly just want to help. Their actual goal is to get you to reveal personal or financial information they can use to exploit your accounts.
  • Smishing. This is similar to phishing but involves texting instead of email. People sometimes drop their guard with texting, forgetting that it’s easy to spoof a phone number and that malware can be loaded onto phones as well as computers. 

Learn to avoid phishing, vishing, smishing and more with our free checklist.

12 Common Scams To Avoid

While the tactics remain pretty much the same, cyber criminals get very clever and devious with their approach. Here are some common scams to watch out for:

  1. Greeting card scams: This older scam is making a comeback. After all, who doesn’t receive e-cards from people from time to time that they are not quite sure how they know.  Like other fake emails, a single click could lead to malware installed on your device.
  2. Gift card scams: The hooks here vary: They need you to pay for something by putting money on a gift card or even that they need you to do this to catch hackers who accessed your account. Whatever the reason, you’re asked to buy gift cards then call them with the codes on the back. Don’t do it… ever. There is no valid reason why someone would need you to take these steps. Report the scam to
  3. Charity scams: Don’t let anyone rush you into a donation and don’t pay by cash, gift card or wiring money. Research your charity first, including how much of your donation goes to charity and check out the charity by searching its name along with terms like “complaint” or “scam.” You can also use the BBB site Give.Org to research charities.
  4. Package scams: You may receive emails telling you there is an issue with your shipment or “There’s a package waiting for you, click to schedule delivery.” This scam has been around for years, but with the supply chain issues resulting from COVID 19, there are a lot more people waiting for packages who could potentially get caught up in this net. There is always an uptick in this scam during the holidays.
  5. Student loan scams: With student loan payments set to resume January 21, 2022, criminals are taking advantage of the confusion. They pose as representatives of your federal student loan and ask for things ranging from verifying information to payments. They’ll even promise quick loan forgiveness. Never give out your Federal Student Aid ID. If you have concerns, go “out of band”, contact your lender directly with the information posted on their site or on your loan documents.
  6. Small business scams: These range from offers to promote your inventions to listing your business in a “Yellow Pages” like directory. There are even scams around business consulting and office supplies. If an offer seems too good to be true, it most likely is.
  7. Google voice scam: Scammers respond to postings on Craigslist or Facebook marketplace but say they’re wary that YOU might be a scammer. Their solution? They’ll send you a text message with a Google Voice verification and then ask you for that code. Once they have it, they use the code to set up a Google Voice phone number and then use that number to scam other people.
  8. Amazon scams: Seems like everyone uses Amazon nowadays, which is why impersonating an Amazon representative has become a go-to scam for criminals. If you get a call from Amazon, hang up, then go to the Amazon website. Same is true for other retailers.
  9. Crowdfunding and social media fundraising scams: Crowdfunding campaigns are growing in popularity with reputable sites like GoFundMe and Kickstarter making it easy to set up, run and donate to a campaign. Many crowdfunding campaigns are not tax-deductible charities, but still worthy causes. Then there are the actual scams – donations don’t make it to the people that they are supposed to help, the people they are supposed to help aren’t even real and a variety of other common tricks. Do your research before donating with these tips from the FTC.
  10. Employment scams: As if people out of work aren’t stressed enough, now they have to worry about employment scams. Some are as simple as posting fake jobs to get you to share personal information. Others are more involved, including sending you payments (which eventually bounce) and then asking for you to send a portion of that somewhere else. Don’t trust posts on sites you’re not familiar with, people who give you a job without meeting you (in person or on the phone), request payment for training or equipment that will be repaid once you start, or send you a check before you start.
  11. Social Security scams: These are usually phone scams, but can take other forms. Perpetrators pretend to be from the Social Security Administration (SSA) and often ask to “verify” your Social Security number (SSN). The SSA will NEVER call and ask for your SSN. This type of scam may impersonate other government agencies as well. Go “out of band” and go directly to the agency’s website or look up their number and call them.
  12. Health scams: We may not have salesmen peddling tonics to cure every ailment anymore, but the spirit of the snake oil salesman is still alive and well in modern health scams. Be skeptical of guarantees or promises. Remember that “natural” does not mean either safe OR effective. Look at any claims carefully and don’t share personal information to learn about a treatment “they” (government or pharma companies) don’t want you to know about. This combination of hope and fear is a hallmark of health scams.

It’s the holiday season, so we had a little fun with the title. Unfortunately these holiday scams and others are happening year ’round and are increasing. You can protect yourself with some awareness and vigilance. You can also protect your business the same way. Awareness training that includes everyone on your team – from the CEO to the intern – is a critical part of your overall cyber security plan. As an Intrust IT client, this training is included in your IT service management agreement.

Not a client yet? Contact us or book a meeting to learn about our managed care services for businesses of all sizes and budgets.

Posted in
Dave Hatter

Dave Hatter

Dave Hatter (CISSP, CCSP, CCSLP, CISA, CISM, PMP and ITIL) is a cyber security consultant, writer, educator and on-air media contributor. See hundreds of Dave’s expert interviews on cyber security on his YouTube channel, or tune in to 55KRC every Friday morning at 6:30 for his “Tech Friday” segment.

Share this Blog

Enterprise Password Management Promo Wide

Is Your Name or Birthday a Part of Your Password?

If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.

Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.

Download the Guide

Explore the Latest Trends in IT

Securing Our Cities Cybersecurity Protection for Local Governments - Intrust IT

Securing Our Cities: Cybersecurity Protection for Local Governments

As a city or municipality manager, you understand that the security of your community extends far beyond physical borders. With...
Manufacturing and IoT Securing Connected Devices

Manufacturing and IoT: Securing Connected Devices

You're the operations manager of a cutting-edge manufacturing facility, overseeing a production floor buzzing with activity. Your team relies on...
Small Business Cyber Security Toolkit

Small Business Cyber Security Toolkit: The Tools You Need to Stay Protected

With great power comes great responsibility, especially when it comes to running a business and protecting your digital assets. As...

Business Continuity Plan Template for Municipalities

Municipalities are facing increasing cyber attacks.  With cybercrime rates soaring and municipalities ranking as prime targets, the need for robust...
Cybersecurity Strategies for Municipalities 8 Expert Tips - Intrust IT

Cybersecurity Strategies for Municipalities: 8 Expert Tips

Municipalities tasked with safeguarding sensitive data and critical infrastructure are increasingly the targets of cyberattacks. Municipalities often handle a vast...
Business Continuity Guide for City Managers - Intrust IT

Business Continuity Guide for City Officials

The resilience of a city's operations hinges on its ability to effectively weather unforeseen challenges. From natural disasters to cyber...