Blog
Beware of Scams this Holiday Season
By Tony Vizza, CISSP, (ISC)² Director of Cybersecurity Advocacy, APAC
Over the past few weeks, I have noticed a marked increase in the number of phishing attempts, both using cyber based methods as well as traditional methods such as phone calls, text messages and even postal service scams.
Scammers rely on psychological trigger points to succeed. December, in particular, is a stressful time for many people. Boozy Christmas parties, buying presents for your family (and finding something your partner will like), planning the holiday getaway with the kids and of course wrapping up end-of-quarter and end-of-year and you have a hazy mix of peace on earth, goodwill to all, exhaustion, apathy and protective shields being down.
Scams to be mindful of at this time of year are as follows:
Email-Based Scams
Many of the email-based phishing attempts manage to bypass multiple layers of very strong technical security controls due to their targeted nature. They rely on a number of psychological triggers to elicit action – for example, the email I received about employee satisfaction at the time of year that traditionally sees Christmas bonuses handed out (example below).
Fraudulent emails should be marked as “Junk” within your email client or browser and reported to internal information security personnel.
Text-Based Scams
A method that has featured prominently is the SMS (or text message) based phishing attempt. At this time of year where people are spending more than they usually might, people are more heightened to financial concerns. A text message purportedly from a financial institution warning of suspended access or fraudulent transactions may gain more attention at this time of year than others. Here is an example I received this morning purportedly from a banking institution I have no affiliation with:
The recommendation here is to report the scam to local law enforcement or official scam reporting services and delete the text message.
Phone-Based Scams
A method that has become far more prevalent than ever involves robotic phone calls that deliver a dire warning to the person answering and soliciting some form of action to deal with the issue.
A popular variant at the moment suggests that there is a pending arrest warrant out on you due to a tax debt. These phone-based scams rely on fear and many fall victim to these scams. The link below provides an example of such a phone call: Sample Robot Phone call
It should also be noted that some phone-based scams rely on emotional elation to dupe a target. For example, a call suggesting you have won a sum of money, or a prize and then requesting details from you to forward across details on how to collect the “prize”. Again, these scams rely on trickery and emotional manipulation.
The recommendation here is to hang up on these phone calls and report the scam to local law enforcement or official scam reporting services
Paper-Based Scams
Another way that scammers can defraud is through theft of postal mail from your letter box to determine personal details that allow them to create fraudulent bank accounts. I recently assisted a family member in such a situation, where they were (legitimately) notified by a bank of a new bank account created in their name – even though they had no association with the bank or any third party associated with the bank. Subsequent investigation revealed that the account had been created fraudulently.
Again, the recommendation here is to report the scam to local law enforcement or official scam reporting services and work with the institution to rectify the situation.
In addition, another prudent course of action is to set up credit alerts on your credit file. Credit monitoring and reporting agencies and bureaus can provide assistance with this.
Finally, never underestimate the value of locking your mailbox with a key or perhaps investing in a Post Office box and listing the Post Office Box details on all postal material. Its a simple but effective way to help prevent mail based fraud.
Other Methods
The methods that can be employed by scammers are endless and scammers are always looking for ways to succeed. Scamming attempts include:
- Fake charities and accosting those walking by with requests for donations. It is relatively simple for someone to create a convincing “ID” badge and walk around the streets seeking cash from those who want to do good, particularly around Christmas time.
- Door-knockers purporting to be from a utility provider, telecommunications provider or other legitimate provider seeking personal details.
- Dating scams, of which there are numerous ones to list.
It is always recommended to report is to report the scam to local law enforcement or official scam reporting services
The old adage that “if it sounds too good to be true, it probably is” is more relevant than ever.
Other Helpful Resources
If you would like to learn more, please visit the Safe and Secure Online website by (ISC)² – https://safeandsecureonline.org/