Tips: Avoid Holiday-Related Scams

As the holidays bring an increase in online shopping, charitable giving and social interaction, consumers and businesses should be on guard against some common scams that occur frequently at this time of year, according to security experts from Unisys Corp.

“The consumerization of IT and widespread use of mobile technology and social networking, both at work and at home, have increased the risk of financial fraud and identity theft -- especially during the holidays,” said Mark Cohn, vice president, enterprise security, Unisys. “While scammers are seemingly everywhere this time of the year, consumers and businesses can do a lot to protect themselves from fraudulent activities. By taking some relatively simple precautions, everyone can maximize the chances that they will beat the cheats.”

The dangers of online fraud continue to grow. The number of Americans falling victim to identity theft increased 22 percent to a record 9.9 million in 2008, losing $48 billion in the process, according to Javelin Strategy & Research.

Meanwhile, online shopping on the job will continue to be popular. This year, 53.5 percent of workers with Internet access, or 68.8 million people, will shop for holiday gifts from work, according to Shop.org.

The bi-annual Unisys Security Index reported this month that, in the nine countries covered in the survey, the top security concerns of consumers are bank card fraud and identity theft. The percentage of Americans who are seriously concerned about the security of their online transactions rose to 42 percent, the highest level since the Unisys Security Index began two years ago.

Unisys identified 10 of the most prevalent scams that can lead to financial fraud or identity theft during the holidays. They are listed below, in no particular order, along with tips on how to avoid them.

1. Online shopping threats: In the United States, the FBI reported that more than $264 million was lost in 2008 due to online fraud. To avoid being yet another victim, Unisys security experts recommend that online shoppers always shop on safe sites that have SSL (a protocol for secure communications) certification, indicated by a locked padlock at the bottom of the screen. If you have second thoughts about using a site or retailer, follow your instincts and avoid it. Where possible, use a credit card rather than a debit card as banks can often offer consumers a higher level of protection when a credit card is used. If buying through sites such as Amazon or eBay, take the time to read the seller feedback. Finally, be sure to check your bank statements regularly for any unexpected ‘purchases.’

2. Seasonal spyware: The number of malicious e-cards circulating to personal and business computers is expected to rise this year. Unisys experts suggest that even in a workplace setting, individuals never open an e-mail or attachment from an unknown sender and do not download ‘exe’ files as these often contain adware, unwanted downloads and spyware.

If you can’t resist opening a file, drag it into your ‘junk’ e-mail folder first as this allows you to check all the links to see if they are legitimate. If a site looks suspicious, follow your instincts and don’t click on it. Finally, be sure to install personal firewall, anti-malware and protection agent software on your computer. So if you make a mistake and click on a malicious e-card, you will have some protection.

3. Not-so-social networking: Enterprises and individuals are making increasing use of social networking sites such as Facebook and Twitter to keep in touch with clients, partners, friends and family over the holiday season. Unisys security experts warn that these sites can be a goldmine for identity thieves. According to GetSafeOnline, one in four people using social networking sites have posted confidential or personal information such as phone number, address or e-mail on their online profile. To avoid identity theft, never offer personal information to anyone over a social networking site, even if the request is from a friend or relative. Do not offer your birth date, birth town and home address on your user profile, and always make sure you apply the right privacy settings to protect yourself. Avoid posting photos of expensive belongings or dates when you are away from home over the holidays.

4. Beware of ATM skimmers: Whether at your neighborhood bank or at your office lobby or credit union, Unisys experts stress the importance of being aware of your environment when using an ATM to obtain holiday shopping cash. If you think someone is too close behind you or looking over your shoulder, find a different ATM machine.

Thieves are becoming more and more sophisticated, so also check the actual machine to make sure that it is solid and sturdy. Some skimming scams have involved fitting the front of an ATM with a false panel containing a small webcam or digital camera that can capture your card details. If the ATM machine appears to be behaving oddly or does not work the first time, go to a different machine -- don’t try it again.

5. Fake Online Payment Sites: Escrow services such as PayPal allow businesses and consumers to securely and conveniently send and receive payments online. However, escrow scams are increasing as fraudsters set up fake payment sites to con both buyers and sellers out of money.

To ensure payment sites are legitimate and secure, Unisys security experts suggest checking to ensure the sites have SSL certification. Also check that the web address starts as https:// rather than just http:// as the absence of that “s” is often an indicator of rogue traders. A real escrow company will also only ask you to transfer money to them directly from your bank, i.e. a traceable transfer. If they ask for another method, refuse. Before you send anything, verify with your bank where the receiving bank is located. If this looks like it is outside the seller's own country, stop the transaction.

6. ‘Spirit of giving’ scams: Christmas is the season for sharing and, as a result, thieves will often make the most of people’s generosity over the festive season. Unisys suggests that individuals watch out for e-mails or tweets from charities that ask for donations, particularly if you have never signed up to receive correspondence from them. Be sure to check that charity collectors in your neighborhood or near your office have some form of identification.

7. Gift grabbers: After opening all the presents, Unisys recommends breaking down the boxes completely so that what was in the box is not obvious to passers by on the street. Thieves are more likely to target homes with home theatre or PC boxes in the trash. The same is true of business-related or personal bills, receipts and financial statements -- all of which could contribute to identity theft. And as always, employees must protect their company’s intellectual property by safely disposing of materials that are proprietary to their companies.

8. Protect your new laptop: If you received a new PC or laptop running on MS Vista or Windows 7 as a holiday gift, Unisys suggests making sure you are using anti-malware software and have enabled the firewall before connecting to the Internet. Whether you are connected to a wireless network or via a cable, on average, it can take just nine seconds for your new laptop to receive its first ‘ping’ attack and less than a minute to receive its first virus.

9. ‘Free’ Wi-Fi and wireless network hacking: If you are using that new laptop on a wireless network at home or workplace, Unisys recommends making sure that network is secure. This is because the Wi-Fi network range will radiate beyond the confines of your building, leaving it vulnerable to “wardriving” (the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer so they can use your unsecured network for free).

Hackers could use an unprotected wireless network to anonymously download illegal material or perpetrate attacks that would appear as if they were coming from you. Wardrivers are also known to hack into computers to steal personal details. In one highly publicized case, a retailer reportedly lost more than  45.7 million personal credit and debit card details to hackers. The crime went on for four years before it was detected.

10. Account check and phishing cons: Unisys security experts recommend that individuals at home or work be wary of account checking scams in which a phony representative of a bank or supplier who contacts you by phone or e-mail to ask for account details to update their records.

Callers will often claim that they need certain data in order to check the security of your account while actually obtaining very valuable information to carry out fraud. In the lead-up to Christmas, remind your family, friends and colleagues to err on the side of caution and refuse to give out any personal details either on the phone or online. If you think the call is genuine, ask to call them back and check the number by visiting their website before you call back.

Likewise, don’t assume that an e-mail that looks like it comes from your bank or a company you’ve done business with is legitimate. In common phishing attacks, e-mail messages from impostors contain links to phony lookalike sites where your logon ID and password can be captured. Always suspect that web links in unsolicited e-mails may be fraudulent, and don’t provide any personal information to such sites.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3