How the Cyber Grinches Try to Steal Christmas

How the Cyber Grinches Try to Steal Christmas

In the classic Dr. Seuss children’s story, the ill-tempered Grinch sets out to spoil Christmas for all the Whos down in Who-ville. Today, there are an abundance of cyber Grinches out there looking to make the holidays a lot less joyful for all of us.

It has become an unfortunate tradition that a variety of cyber threats spike during the holiday season. Malicious actors have developed an array of techniques for cashing in on our goodwill, either by exploiting our charitable impulses or by manipulating our increased online activity.

By some accounts, cyberattacks are likely to increase by 60 percent during the holidays. The Department of Homeland Security recently warned of an expected spike in a range of malicious activity that could result in security breaches, identify theft or financial loss. Here are a few of the more Grinchy exploits to watch out for:

Phishing attacks. Fake emails that appear to come from real companies often have malware-infected attachments or embedded links that, once clicked, download malware to your network or redirect you to an infected website.

Malvertising. Hackers inject malicious code into ads on legitimate online sites. Some may redirect you to a spoofed website where you’ll be asked to enter credit card numbers or other information. Others will infect your system with malware. Worst of all, you may not even have to click on the ad to become infected. In so-called “drive-by downloads,” the infected ad only must finish loading on the web page to infect your computer.

Spoofed sites. These are fraudulent sites that look like a legitimate site, using a similar design and URL as a real site. The Anti-Phishing Working Group identified more than 35,000 such sites impersonating more 200 different brands during the 2018 holiday season. Spoofed sites are usually meant to trick consumers into sharing information such as credit card numbers, but they are also used to spread malware.

Social media scams. Scammers often use social media platforms to offer fake giveaways and contests, usually in order to redirect you to a spoofed site or otherwise steal personal information. One such scam making the rounds this season involves a fake Facebook link to a purported $75 coupon from Costco.

Fake receipts and shipping alerts. With more people shopping online, they naturally receive lots of invoices, receipts and order confirmations by email. As such, people are more likely to click malicious links and open infected attachments.

Account takeovers. This is a form of identity theft in which a hacker uses your account information or credit card number to make purchases using your existing accounts. These attacks are becoming more prevalent due to the easy availability of stolen account information available for sale on dark web marketplaces.

Phone scams. There has been a marked rise in “neighbor spoofing” in which scammers falsify caller ID information to make calls appear to be coming from someone with the same area code and prefix as the target. Around the holidays — when we tend to be in a more generous mood — scammers use this trick to pose as representatives of charitable organizations.

Gift card scams. Thieves are going into stores and stealing card PIN numbers by peeling back the labels covering the PIN. They can then go online after the card has been activated and make purchases with the remaining balance.

As with the Grinch, it is impossible to know what drives today’s hackers. Maybe their heads aren’t screwed on right, their shoes are too tight or (most likely of all) their hearts are two sizes too small. Whatever the reason, consumers and businesses alike must be cautious about their online activity during the holidays. Contact Verteks for assistance in implementing security tools and implementing effective training programs that help users detect and avoid threats.