It may be the most wonderful time of the year, but the bad guys have plenty of surprises in their stockings. Each week in December, we will cover a different cybersecurity topic to help keep you and your family safe online this holiday season. This week, we will cover the most common holiday scams you should be aware of so you can protect yourself and your organization from a cyber-attack.

Below are five major scams to watch out for this month, and how you can defend yourself against them:   

1. Online Shopping Deals
   Did you forget to get a present for Aunt Cheryl? The bad guys will be faking lots of holiday deals for desperate, last-minute shoppers. These might appear in your email inbox or through advertisements on social media and popular websites.

• Do not click on ads or emails for deals that are too good to be true.
• Make purchases at your favorite online store by navigating directly to the site using your browser or using an official mobile app for the online store on your phone.
• Only shop from popular shopping websites that you know and trust. Many fake shopping websites pop up around the holiday season, with enticingly low prices. Do not fall for it!
  
  
2. Charity or Donation Requests
   2020 was a difficult year for many, and legitimate charities and non-profits need your assistance. Unfortunately, the bad guys will take advantage of this by pretending to be charitable organizations. They will email you--or even call you--asking you for a credit card number to use for “donations". Do not fall for it!
• As a rule, never give your credit card information over the phone to anyone who calls you unexpectedly.
• If you receive an email from a charity or non-profit asking for donations, review the links, the sender address, and other components of the email to make sure the email is legitimate.
• If you want to donate, go directly to the charity or non-profit's official website and look for ways to donate through their site.
  
  
3. Delivery or Shipment Notifications
   Don't get excited about an unexpected delivery notification. You may think you've received a surprise gift or finally got that delivery you've been waiting for. Instead, that notification you received could actually be a phishing attack.
   
   These attacks are often successful during this season because people are expecting more deliveries and shipments than they normally are. So, to stay alert and protect yourself, follow these rules:
• Look closely at delivery and shipment notifications to make sure they are legitimate.
• If you do shop online, go directly to the store websites to track your orders and shipments rather than click links in emails.
  
  
4. Fake Receipts or Financial Statements
   Since more people than ever are doing their holiday shopping online, the bad guys know that you might be receiving lots of receipts in your email from various online shopping websites.
   You might also be receiving credit card or banking statements that list recent charges posted to your account.
• Even if you receive a receipt from a company you buy from regularly, look at it closely before clicking any links or opening any attachments. If you do not recognize the purchase, do not click anything.
• Remember that many phishing emails try to “shock" you into clicking without thinking. So, if you see a receipt with a very expensive purchase price on it or a “your payment is late" email from your credit card or banking institution, make sure you stop, look, and think. The email might not be legitimate.
• Always visit a company's official website to review your supposedly late payment or recent purchase by either typing the web address into your browser window or by using their mobile app.
  
  
5. Watch Out For Smishing
   Many companies, products, and services have started offering text message alerts to keep you up to date. Scammers are aware of these alerts and they are taking advantage of unsuspecting individuals. They send a text with dangerous links or prompt you to respond with personal information by posing as your bank, an online account, or other services–to name a few examples. This Short Message Service (SMS) or text-based phishing scam is called Smishing, and the bad guys have taken a liking to it.
• Remember that government agencies, banks, or any other legitimate business will never request sensitive information over a text message.
• Take your time. Much like email phishing, texting scammers will often use the social engineering tactic of creating a false sense of urgency in their message.
• Never click on any links or call any phone numbers in unexpected texts. Contact the company directly if you would like to verify the text message. 
  

Always remember: Never click on links or open attachments in an email that you weren't expecting. This single rule will help you avoid many common holiday hacker tactics.

 Stop Look Think - Don't be fooled
Thank you,
Tina Travieso
Chief Information Security Officer
Palm Beach County ISS Enterprise Security

​