Solutions for Six Holiday Cyber Scams
OSHA Extends Electronic Reporting Requirement Deadline to December 15, 2017
November 27, 2017
BREAKING: OSHA Extends Electronic Reporting Deadline to December 31, 2017
December 18, 2017
Show all

Solutions for Six Holiday Cyber Scams

The holiday season means many things, but one thing’s for certain: As online activity increases throughout the holidays, so does the activity of hackers trying to take advantage of the unsuspecting.


Whether you’re looking to protect yourself and your family, or your business and employees, here are six common cyber scams to be aware of this holiday season, along with solutions.



#1 – Phishing Attacks

Around this time of year, you may receive fraudulent emails from Amazon or other large retail platforms, telling you your account has been compromised. You may receive similar emails seeking monetary donations for charities or causes.


Generally, these kind of emails emphasize the need for you to reply quickly and/or avoid consequences. What they’re really after are login credentials and payment card information.


Solution:  Emails like these should be filtered by your email program’s spam filter, so if you’re seeing them, make sure your filter is operating correctly.


If any email seems suspicious, it’s best to just not respond. If Amazon or some other retailer truly needs to contact you, you’ll receive follow-up emails and probably a phone call.



#2 – Facebook Add-Ins

Many people frequent Facebook and other social media sites, which is why scammers do too. A recent tactic got Facebook users to agree to installing an illegitimate “dislike button” add-in, which actually installed malware instead.


Solution:  Be very careful when installing social media add-ins – it can be difficult to determine their legitimacy. At work, be sure to review social media policies. For business owners, consider tightening these policies and/or restricting installation of add-ins.



#3 – Refunding Scams

Some cybercriminals will sell you a product or service, and then issue you an unrequested refund check. Sometimes such checks are even sent to people who never bought anything, and may be followed up with mail or email encouraging the recipient to cash the check. The goal of this kind of scam, of course, is to compromise your financial accounts.


Solution: Verify any business you deal with online. Be very wary of companies that try to offer you an unrequested refund – this is a major red flag.



#4 – Ad Poisoning

Online ads are generally legitimate, but can sometimes link to scam websites that may install malware or viruses. Nefarious ads are a common delivery system for ransomware viruses like CryptoWall.


Solution: Here are some “safe surfing” tips to help avoid poisoned ads, especially when shopping online:


•  Consider disabling Adobe Flash, or at least set it to “click-to-play” mode to avoid automatic infections.


•  Make sure your operating system has up-to-date security features.


•  Use ad blocker software so ads don’t open automatically.


•  Business owners may consider network policies that include ad blockers, disable Flash, etc.



 #5 – Ransoms

Cybercriminals want your valuable data. That may mean financial account information, but it could also mean personal information of a compromising nature, or valuable corporate information. If hackers manage to obtain this kind of data, their next move may be to hold it for ransom – demanding payment or something else from you for its return.


Solution: If possible, don’t keep valuable data in insecure places. For businesses, make sure your networks are secure. In general, adopt the attitude that anything online could eventually surface in ways you can’t foresee.



#6 – Executive Email Scams

Business Email Compromise (BEC) scams have recently accounted for $179 million in losses for US companies.


This tactic involves scammers phishing specifically for an executive, deploying a Trojan and gaining access to their email account. Cybercriminals can then monitor the account, waiting for an opportune time to send fraudulent emails for financial gain – e.g. requesting company funds to be wired to a specific bank account.


Solution: Executives should be extra vigilant to avoid spam emails and phishing attempts. Employ strict spam settings and be wary when opening mail from untrusted sources. Perhaps even consider immediately trashing mail from accounts you don’t recognize.


In addition, train your staff to always confirm a wire transfer, ACH transfer or check request of this kind by speaking face-to-face with the appropriate person.



For more information, see “Do you let your guard down during the holiday season? Six cyber scams to avoid this holiday season.”


Contact Saginaw Bay Underwriters for information on identity theft protection, cyber liability policies for businesses and more ways we can help you stay safe online.