Deception has always been part of our lives, and so have con artists. With the evolution of the Internet and our ever-growing dependence on it, however, deception in the form of online scams and frauds has multiplied. Con artists of the online realm don’t really need special artistic talents to trick their targets – all they need is a phishing mechanism and a platform with a sufficient user base.
Indeed, due to its automated nature, phishing has grown to be one of the major scamming mechanisms aimed at online consumers. Phishing scams often carry malware and run relentlessly all year round. Nonetheless, to increase the efficiency of their campaigns, scammers tend to exploit big international holidays like Christmas or other events of global character (such as the FIFA World Cup).
Black Friday was also riddled with specifically themed scams, created for the active online shopper, and surely next on the list of cyber con artists is Christmas. What better time to exploit people’s holiday spirit, lightheartedness and willingness to give?
This article will introduce you to some of the scams that we believe will attempt to entrap your financial and/or personal information for malicious reasons.
The Secret Sister Gift Exchange Scam
The “Secret Sister Gift Exchange” scam has already been detected on social networks such as Facebook, offering a gift exchange that requires the users to send money. In return, they are offered many lucrative gifts which are never received. The practice is considered illegal in many states and countries as a form of gambling, and participating in it can lead to many fraud issues.
In short, this scam is a modified version of the “Secret Santa” gift exchange, which has been popular in Facebook groups and Reddit communities. Participating users usually need to send a gift to an anonymous user and in exchange they will receive an item. The scammers coordinate the process on the corresponding platform. However, in this case the participating users are coerced into sending out money in the amount of $10. The links sent through the social networks redirect to a landing page or a payment gateway. It is very likely that this scam or similar ones can be distributed via email phishing messages as well.
Right before Black Friday, Amazon went through a security incident. According to reports, Amazon customers received emails from the retailer notifying them about the data breach. Apparently, names and email addresses of users were “inadvertently disclosed”, with the reason being a “technical error”, details of which haven’t been provided.
The leaked information consisting of names and emails may not be as valuable as credit card information, but cybercriminals could still abuse it in many ways. Crooks will definitely find a large database of names and emails useful in various malicious scenarios.
This privacy incident is not the only potential danger lurking around Amazon. The company’s name has been abused in various phishing campaigns.
One of the newest Amazon-themed phishing scams involves an email message that is masked as being sent by the company itself. To make the email very convincing, its body contents are designed using the typical Amazon web elements. The recipient’s email address is placed in the beginning with bold text which may confuse them into thinking that the email is personalized. However, it is just an example of a carefully crafted phishing attempt.
The person’s real name and other related elements are exploited in this scam as well as other types of information that are disclosed during user registration.
The body contents of the messages are said to falsely display a notification that a Prime membership was purchased for a long period (6 or 12 months) and that the recipient can cancel the automatic renewal by visiting a certain site.
Upon clicking through to that page, the potential victim is redirected to a fake login page. If account credentials are entered there, they are automatically transferred to the operators of the scam. As a result, the hijacked information can be used for identity or financial theft or can be sold to other criminals for related malware operations.
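The tell in the message described above is that its links and sender sit on a host that merely contains the brand name. The following triage check is an added example, not taken from any vendor tooling; the sample email, the `prime-renewal.example` host and the choice of `amazon.com` as the brand domain are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAIN = "amazon.com"  # assumption: the domain the brand really uses

# Constructed sample message (not a captured email).
SAMPLE = """\
From: "Amazon Prime" <billing@amazon.com.prime-renewal.example>
To: user@example.org
Subject: Your Prime membership (12 months) was purchased
Content-Type: text/html; charset="utf-8"

<html><body><b>user@example.org</b>
<p>To cancel automatic renewal, visit
<a href="https://amazon.com.prime-renewal.example/cancel">your account</a>.
Questions? See <a href="https://www.amazon.com/help">Help</a>.</p></body></html>
"""

class LinkCollector(HTMLParser):  # gathers href values from <a> tags
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain, never a lookalike."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw, domain=BRAND_DOMAIN):
    """Return (kind, host) pairs for sender and link hosts outside the domain."""
    msg = message_from_string(raw)
    findings = []
    # From is spoofable: a mismatch is a red flag, a match proves nothing.
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not belongs_to(sender_host, domain):
        findings.append(("sender", sender_host))
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for url in collector.links:
        host = urlsplit(url).hostname
        if not belongs_to(host, domain):
            findings.append(("link", host))
    return findings
```

Calling `triage(SAMPLE)` flags the sender and the cancel link while leaving the genuine help link alone, because the comparison is on the end of the hostname rather than on whether the brand name appears somewhere in it.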
One of the most popular Amazon scams remains the so-called $1000 Amazon Gift Cards scam, which has been circling the web for years. Considering its gift nature, the scam is likely to be revived once again just in time for Christmas. One of its latest variants is adware that keeps showing pop-ups with the message “$1000 Amazon Gift Card is reserved for you”. The scam is hosted on numerous domains. Keep in mind that older versions are still found across the Internet, as well as videos promoting the $1000 Amazon Gift Card Scam on YouTube.
The “I’m a programmer who cracked your email” Scam
The “I’m a programmer who cracked your email” scam is a hot topic all over the Internet, and judging by the number of reports, it will remain so. The scamming message is distributed over email and is considered scareware that relies on social engineering. Long story short, the extortionists want you to pay them for a non-existent security breach that allegedly landed them your email account password.
If you ever receive such a message, be it Christmas time or not, you should ignore it and delete it. It is also a bad idea to reply to it. Change your email password, but first make sure your computer is clean from any malware. When changing your email password, check that you are on the real URL address of your email provider and not a phishing page.
Be Prepared: Scams Are a Real Threat
Fredrick Haines, a man from Kansas City, USA, received the sum of 110,000 US dollars as a settlement from Western Union. Fred, aged 77, was a victim of the infamous Nigerian Prince scam, known for tricking unsuspecting people into believing that they will inherit a huge fortune from Nigerian royalty.
According to a report by Daily Mail, Mr. Haines wired exactly $110,000, between 2005 and 2008, to scammers who promised him a $64 million inheritance if he made financial commitments.
Even though his loss occurred around a whole decade ago, Haines will receive all of his money back as a beneficiary of a $586 million fund set up by Western Union. The fund was set to pay back victims of similar scams located in Canada and the United States. Western Union made that move after admitting in a settlement with the Federal Trade Commission that some of its employees back then had colluded with the scammers to defraud customers such as Haines.
Even though the story ended happily for Mr. Haines, you should not rely on anyone to recover any financial losses due to scamming. Furthermore, not all scams are after your money. Some scams drop malware on infected systems which, for instance, may collect every keystroke and send it to the malware operators. Ransomware is also distributed in malicious spam campaigns, which tend to increase around the Christmas holidays.
Depending on the hackers’ purpose, the malware payload may harvest or encrypt your sensitive data, or may exploit your system’s resources for cryptocurrency mining purposes. The crucial thing to remember is that the threat of online scams is real and is not exaggerated, and you may be the next victim if you’re not careful enough. Even people who believe that they are educated enough on the current online risks may be lured by smart crooks. So, be sure to keep your operating system, browsers and any software you use updated with the latest security patches. You may also consider using an anti-malware program as another layer of protection.