Skip to content
ApplyGive

Other ways to search: Events Calendar | UTHSC News

Five Types of Holiday Scams to Watch Out For

elf

spar

During the holiday season, threat actors double down on new and creative ways to deceive people both online and offline-and succeed. An Experian survey revealed that 1 in 4 respondents reported being a victim of identity theft or fraud during the holidays. From holiday related phishing emails to illegitimate shopping websites, there are many ways cybercriminals exploit the hustle and bustle of this time of year.

Luckily, with the right security know-how, you can fight holiday fraud and help your coworkers, friends, and family stay safe too!

Here are some of the biggest holiday frauds to look out for:

Charity Scams

Special holidays may remind us of all we have to be thankful for. As we reflect on our blessings, it's often a nice time to share our good fortune with others-and many of us do! Cybercriminals know the holidays are prime times for donating. That's why they create sneaky scams to take advantage of our giving spirits!

Be on the lookout for fraudulent emails that appear to be from charities and websites that look a bit "off." Online, criminals will often mimic similar names to reputable charities, so look extra closely at the URL for misspellings or inconsistencies. For example, you may get an email from "The European Salvation Army" when really, the real Salvation Army leaves off "European" as an international brand. Or the link may be a .com extension instead of a .org.

Don't assume phone calls are any safer than emails ー search for the organization online yourself; never assume a URL a telemarketer shares with you is legitimate. A website like https://www.charitynavigator.org/ can help you understand where your money could be going. And when you are comfortable making a contribution, do the following:

      • Check your web browser for a secure site padlock
      • Pay with a credit card, not a debit card, whenever possible
      • Avoid cash donations, which are harder to trace
      • If you're still uncertain, follow these additional tips from the FCC for avoiding holiday scams as well as additional resources from European ENISA and U.K. NCSC.

Delivery Scams

If you're shopping online this year, there are some extra ways to keep yourself and your family safe. From physical item theft to phishing campaigns, delivery scams are on the rise-with non-payment and non-delivery scams the second most prevalent threat reported by the FBI's Internet Crime Complaint Center.

One of the most popular forms is the "package wasn't delivered" scam, wherein the threat actor sends a phishing email imitating your shipping sender, claiming they were unable to get a package to you on time. These emails may contain infected links or attachments that download malware. Work-related emails may use urgency to trick you to take quick action, saying an important delivery is held up and will be rerouted if you don't click a link to validate the shipping address or send over the final payment.

To avoid these scams, hesitate before clicking any links, opening attachments, or sharing personal information with the contact. Verify through the actual source, like Amazon, or your vendor directly. Here's more advice for avoiding delivery scams to dig deeper.

Travel Scams

Hopping on a plane this year? Cybercriminals know this and often craft phishing messages with fake deals or promotions right before the holiday season. For example, you may get an email on an incredible deal on flights or an all-inclusive resort that seems too good to be true. Chances are, it is! Always verify the deal on the real provider's website.

The holidays are also prime times for threat actors to breach an individual's system and send text messages, emails, or social media messages to their contacts, posing as a trusted friend or family member. They may Facebook message you from your friend's profile saying, "I traveled internationally to see family. Someone stole my wallet and I'm stuck here. Can you wire me money to get a flight home?" or try a similar money transfer fraud. Don't fall for these travel ruses! 

If they were really traveling, you would likely know. Remember, if they compromised a Facebook account, they could post ambiguous pictures looking like they're traveling. Is your friend actually in the picture? Even "check ins" can be faked. If you receive a message like this, take a moment to call your friend directly. 

Shopping Scams

Big sales can make shopping feel irresistible around the holidays. From substantial discounts to free shipping and payment plans, stores offer extra incentives to buy before, during, and after a major holiday. During these prime windows, many get hit with a slew of emails or online advertisements - but not all are legitimate.

The FBI and other governing bodies receives complaints all the time about shopping scams, which it compiles in its annual Internet Crime Report. Common  reports include:

  • Not receiving their product after paying.
  • Websites copying information from legitimate websites to deceive.
  • "Contact Us" information mimicking a geographical address in one country when the company is located elsewhere.
  • Vouchers or gift cards in exchange for filling out a survey.
  • Holiday contests shared through a link by an unsuspecting friend.
  • Before purchasing anything around the holidays, stop and think. If you see a targeted advertisement on social media, go directly to the website yourself to purchase it without clicking on the ad. If a deal looks too good to be true, remind yourself that it probably is!

"Out-of-Office" Help Scams

Many organizations offer extended time off or variations from normal business hours during the holidays ー and cybercriminals are expecting this. 

One common out-of-office scam involves the "I have no service," trick, wherein someone claims to be traveling for a holiday and can't get Wi-Fi or a data signal from where they're staying. They may ask you to do something for them. Proceed with caution. When receiving correspondence around a major holiday-always verify the request by calling or video chatting with the person on a known, legitimate channel to hear or see if it's really them. If they claim they can't, let them know you can't help them until they can prove their identity.

Reach out to the Office of Cybersecurity at itsecurity@uthsc.edu for additional information about any of these scams. 

#BeCyberSafe

Nov 20, 2023