Online scams increase by as much as 307% during the holiday season. For Black Friday emails alone, it is estimated that 56% are scams.
Canadian cybersecurity education leader, and myla Training Co. founder Anne Genge says:
“these days we need to treat every email as if it’s evil until proven otherwise. Holiday times are hectic and cyber-criminals have perfected the ‘art of the scam’.
Anne Genge Dental Privacy & Cybersecurity Advisor/Speaker/Educator
The truth is that cyber-criminals could care less that it’s a holiday – they see it as an opportunity.
Here are some tips that can help you make it through the holidays without incident.
1. Fake shipping notifications
If you get an email or text notice from Canada Post, DHL or FedEx about a parcel, think twice before clicking. You’ve probably ordered presents online, and hackers know this…they expect you to be too busy to look carefully.
The click will often take you to a fake website where you get infected with malware, or they might ask for additional information so they can steal your identity.
HOW TO AVOID IT: Above all, don’t click on link. Never give out personal information unless you’re certain you’re in the right place. The better option is to log into your email and find the original confirmation or go straight to the retailer’s site to track the shipping status.
2. Letters from the North Pole
Preying on children at Christmas is pretty low, but because no one expects it, it’s successful.
In this case, there are some sites out there that quite legitimately will send your kids letters from Santa for a fee. However, scammers have been known to quickly build and market a site offering the same.
After they’ve got your address and credit card info, they vanish into the dark web and no letter ever appears.
HOW TO AVOID IT: A great skill to have is knowing how to vet a website properly. For instance, you can search the name of the company with the word “scam” after it, and see if there are any hits from unhappy customers.
Also, look for a physical address on the website under the contact info. Failing that, look for the privacy policy, which is usually in the bottom banner, and make sure there’s contact info in there, per law.
Above all, don’t share yours or your child’s personal information. If you want to go above and beyond and have Santa encourage your wee one to keep up the good work, the Canadian Postal Service’s letter from Santa is free.
3. Fake confirmations
Occasionally – it seems coincidentally – you’ll get an email or text from a retailer that you’ve just shopped at. Who knows if it’s luck, or if either you or the retailer has already been breached and there’s a hacker with a foothold in one system or the other, monitoring online activity.
Once again, these links lead to a fake website that asks for more information. Alternately, they may ask you to click a link if you did NOT authorize a purchase – the goal here is to panic you quickly enough to get you to click before you think.
HOW TO AVOID IT: There are often little hints, such as poor grammar or errors in spelling. As well, if the logo seems blurry, that’s because they’ve copied the low-res picture online to set up their trap. Stay calm, don’t click. Type the URL into your browser yourself to check on the status of your account. Never provide a username, password or personal information from a link click.
4. Lookalike websites
‘Tis the time of year for marketing email blasts! Unfortunately, there are so many email addresses available on the dark web, it’s easy for a hacker to buy a cheap list, and throw together a lookalike website for a major retailer. They create deals, discounts, free gifts or offer gift card bonuses to convince you to make a purchase. The bad news is that now they have your credit card number (as well as your email) and you never get your purchases.
HOW TO AVOID IT: If you see a good deal, it may be too good to be true. Find the retailer in a good old-fashioned web search, and compare the deals they have. Anytime you want to purchase something from a website, make sure the URL begins with “HTTPS” – this tells you it’s a site that’s been secured and encrypted for your safety.
5. Bogus charities
It’s unconscionable that people would steal the money right out from under a charity, but that’s what happens.
At the end of the year during the holiday season, people are often feeling a little more generous, or they may have a little money left in their donation budget that they want to forward to someone who needs it.
Cyber-criminals will use social media posts to take you to a fake website. Sometimes you’ll get a plea for urgent assistance through an email. These often suggest payment in ways that are not traceable, for instance: cryptocurrency, preloaded credit card, or wire transfer.
HOW TO AVOID IT: They often use a name similar to a legitimate charity, so be sure to check the Government of Canada’s List of Charities. Alternatively, do a google search for the name they’ve given you with ‘scam’ to see if anyone has already reported them.
If you do decide to share your holiday spirit by donating to a charity in need, look for the charitable tax number, and only pay using traceable means.
6. Social media gift exchanges
It sounds like a fun adventure…a broadening of the traditional secret Santa gift exchange. It’s set up on social media, where you’re lured into sending a gift to one person and promised 24 or 36 gifts in return.
However, this is a scam built around a pyramid scheme, and it’s designed to be a quick way for them to get your personal information.
HOW TO AVOID IT: Honestly, your grandma was right: if it sounds too good to be true, it probably is. If you like the idea, set up your own gift exchange amongst your friends and avoid phishing schemes altogether.
7. Family emergency scams
Cyber-criminals will often contact older family members through social media – a forum not all parents or grandparents are comfortable with – and prey on their fears. They recreate fraudulent accounts for young family members, and tell an involved story about being in trouble and needing money.
As an alternate route, they may simply pose as a lawyer representing the relative, and request a wire transfer or gift card purchase to cover bail, an emergency plane ticket, or foreign legal fees.
HOW TO AVOID IT: If you get contacted about a family crisis, reach out to other family members to corroborate the story before responding. A good idea is to get their legitimate contact details from someone you trust (or another family member), and reach out to them yourself for confirmation. If you’re still suspicious, ask them for personal information that ONLY a family member would have known, like the name of their stuffed bear when they were young.
8. Phony e-cards
Just like the infamous Trojan Horse, these e-cards send you friendly greetings in order to plant a virus in your computer, or perhaps to get information out of you.
E-cards used to be far more popular than they are now, but they are still shared, so this is one to look out for during holidays (including Thanksgiving and birthdays).
HOW TO AVOID IT: don’t click the link unless it comes from an e-card website service you recognize and can legitimize online. Double-check the name and email address of the sender before you click, and never click on a file that ends in .exe – this is how viruses are downloaded into your computer.
Education for your dental team
One of the best ways to stay safe from the rampant cyber-crime out there is to stay informed. Security awareness training is a compliance requirement for dental practices. If you haven’t yet taken a certificate course this year, here’s a link to myla™ Training Co. to get you covered.
Sign up for our monthly webinars. The next date is January 20, 2023. Sign up free here: https://www.myla.training/courses/ask-us-cybersecurity-and-data-privacy-for-dental-practices
Stay aware, stay safe, and enjoy the holiday season!