Stay Cyber Safe This Holiday Season

With the holiday season quickly approaching, it is important to maintain awareness of the many threats posed by cyber criminals while shopping online and in stores. The National Retail Federation estimates that Americans will exceed last year’s holiday spending, with the total reaching between $717 billion and $720 billion in November and December. As the popularity of online shopping continues to increase, so does the number of potential unsuspecting victims for cyber criminals to exploit. Scammers may target victims through a variety of methods, including phone calls, text messages, emails, compromised websites, or unsecured Wi-Fi networks. To help combat the threats posed by cyber criminals this holiday season, review the following list of common scams, tips, and best practices:

Beware of Secret Sister Gift Exchanges

Many people enjoy participating in group gift exchanges such as Secret Santa this time of year, and although social media can be a great way to plan and orchestrate gift-giving activities, beware of potential scams. Social media posts promoting a “Secret Sister Gift Exchange” have been appearing on newsfeeds such as Facebook and Reddit. In addition to exposing personal information to strangers, this type of chain letter is actually illegal and considered a pyramid scheme. This holiday season, only participate in gift exchanges with individuals you know personally and refrain from sharing too much personal information online.

Be Wary of Suspicious Email Links, Pop-up Advertisements, and Unsolicited Attachments

Emails that appear to originate from known retailers inquiring about your account or advertising a coupon promotion may actually be spoofed and contain links to malicious websites. It can be very easy to imitate company branding to make an email appear legitimate. Also, be on the lookout for emails that try to create a sense of urgency, as scammers use this tactic to trick victims into acting quickly without thinking. Emails with subject lines such as “Account Suspended” or “Limited Time Offer” may be a ruse designed to get you to click on a malicious link or open a malware-laden attachment. If you ever have questions or concerns regarding any of your online accounts, visit the website directly by manually typing the web address into the URL field of your browser and log in from there. Never enter your login credentials through a site you visited by way of a link in an email. If you receive an unexpected link or attachment from a known sender, contact them directly to verify its legitimacy. Additionally, avoid clicking on pop-up advertisements and links hidden behind URL shorteners. These links can redirect you to phishing sites or websites designed to deliver malware to your machine.

Look Out for Holiday-Themed eCards and Messages Meant to Install Malware

Users reported that they were targeted with various Thanksgiving Day-related scams. In some cases, spoofed emails were sent appearing to originate from legitimate organizations and contained the subject line “Thanksgiving eCard.” Additionally, an Emotet banking trojan campaign was observed using Thanksgiving lures, such as the subject lines “Happy Thanksgiving Day Greeting Message” and “Thanksgiving Day Card.” As malicious actors commonly leverage public interest during the holiday season to conduct financial fraud and disseminate malware, users are reminded to exercise caution with unexpected or unsolicited emails, especially those with a holiday theme. We encourage users to inform coworkers, friends, family, and neighbors – especially senior citizens – about these types of scams to prevent further victimization.


Do Your Online Shopping at Home

Avoid using public computers, such as those at a library or hotel, or public Wi-Fi connections to log into personal accounts or conduct online shopping. Public computers could be infected with malware designed to steal your information and hackers can intercept network traffic traveling over unencrypted Wi-Fi signals. If you must connect to public Wi-Fi, use a virtual private network, or VPN, to secure traffic transmitted between your device and the internet.

Enable Multi-Factor Authentication (MFA) on All Financial, Email, and Online Shopping Accounts

Be sure to enable MFA (authentication by combining at least two of the following: something you know, something you have, and something you are) on every account that offers it as this will prevent cyber criminals from gaining access to your account even if your username and password are compromised. The website maintains a comprehensive list of websites that offer MFA.

Choose Credit Over Debit

When shopping online or at stores that do not yet support chip-and-PIN payments, it is advised to use credit cards over debit cards. While both payment methods pose a risk if compromised, debit cards do not carry the same consumer protections as credit cards, which limit the victim’s liability in the event of fraudulent charges. 


Avoid Connecting Devices to Public Charging Stations

Public cell phone charging stations supplied with power cables or USB ports located in stores, airports, libraries, and schools may seem like a convenient way to charge your mobile devices on-the-go, but can you be sure that your device and data will be safe if you connect? These kiosks can contain concealed computers that attempt to extract data such as contact information, photos, and videos from connected devices, unbeknownst to the users. Additionally, malicious or compromised charging stations can expose devices to the risk of a malware infection. Even if the charging station isn’t malicious, the manufacturer or owner of the kiosk may require users to input their email addresses or phone numbers in order to charge their devices, potentially exposing them to unwanted marketing campaigns, spam emails, and scam calls.

If you experience a cyber-related incident, you may report it to the NJCCIC via our Incident Reporting site here. To report all other scams, visit the Federal Trade Commission website here.