The COVID-19 pandemic has already created a golden opportunity for malicious actors to prey on human desires to help others or to discover a “deal.” Initial reports indicate that campaigns luring people to donate to scam charities, receive government-sponsored payments, or be first in line for a vaccine have been wildly successful.
Now, in the holiday season, which even in a “good year” brings out the bad guys, the pandemic is anticipated to drive the largest-ever online shopping volumes, add many who are not cyber-aware to virtual gatherings, and, many mental health workers fear, make some people who are already isolated especially vulnerable to phishing scams.
To avoid becoming a victim this holiday season, here are a few tips:
1. Do not click on links in marketing emails or social media. It is just too easy for criminals to convincingly emulate known brands and use links to redirect you to their site to attempt to capture your personal or payment information, or to download malware. If you are interested in an offer you see in an advertisement, go to the seller’s site to check it out.
2. Do not believe you are getting a deal too good to be true. You are not. Everyone wants a bargain, but when you see extreme discounts, especially only from one or a few sites, you are probably in a fake store, where, again, they are trying to capture your personal or payment information.
3. Similarly, if you have not heard of a charity, interacted with it previously, or can otherwise verify it, skip it and work with an organization you know.
4. Be on the lookout for counterfeit mobile apps. Shopping from your mobile device is great, but unfortunately, malicious clone apps are rampant, attempting to steal your credentials to a real app, or your payment information. Only access apps from reputable app stores and pay special attention that you are downloading sanctioned apps, and not apps from third-party developers.
5. Even if you are using a legitimate mobile app, do not enter your credentials or payment information when you are on public Wi-Fi. Wait until you are home or on a trusted network to perform transactions.
6. If you are experiencing travel bans or restrictions on the size of get-togethers, video conferencing with family and friends can be a substitute. But do not post meeting links on Facebook or other public sites. Send links directly to invitees, and make your holiday get-togethers invitation-only.
7. While we are on that topic, make sure invitations you receive are legitimate. Phishing emails disguised as meeting invitations are widespread. If the invitation is pasted into an email from family or friends, check the “from” address against known good addresses. When in doubt, call or text the sender to verify. If the invitation is tied to the video conferencing provider, make sure to double-check the domain for typosquatting, such as zooom.us.
8. If available, enable end-to-end encryption on your video conferencing application. While you might not be sharing intimate family secrets via video conference, you still want to protect against outsiders being able to access communications.
9. Be aware of your state of mind, especially if you are feeling lonely or anxious. Your emotions, together with the typical sense of urgency created by phishers in romance or other scams, often determine whether the phishing is successful.
10. Finally, think of family and friends who are not cyber-savvy. Check in on them and listen for signs they may be getting exploited, for example, stories of new online friends, sending a few dollars to help someone out, or a great shopping find.
Follow these guidelines and stay cautious and safe online, and have a joyful holiday season!
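The typosquatting check from tip 7 can be automated, for example in a mail filter or a script run for less cyber-savvy relatives. The following Python is an added example, not part of the original article; the allow-list, the function names and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list: the video conferencing domains this household really uses.
TRUSTED = ("zoom.us", "webex.com", "meet.google.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_invite_link(url: str) -> str:
    """Classify a meeting link's hostname as 'trusted', 'lookalike' or 'unknown'."""
    # .hostname is lower-cased and drops any "user@" prefix and the port.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "unknown"
    # Exact domain or a genuine subdomain of a trusted provider.
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    labels = host.split(".")
    for good in TRUSTED:
        # Compare the same number of trailing labels as the trusted domain has.
        tail = ".".join(labels[-(good.count(".") + 1):])
        if edit_distance(tail, good) <= 2:      # e.g. zooom.us vs zoom.us
            return "lookalike"
        # Real domain used only as a prefix of somebody else's domain.
        if host.startswith(good + ".") or "." + good + "." in host:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for link in ("https://us02web.zoom.us/j/123",
                 "https://zooom.us/j/123",
                 "https://zoom.us@zooom.us/j/123",
                 "https://zoom.us.join-meeting.example/j/123",
                 "https://example.org/holiday-party"):
        print(f"{check_invite_link(link):9}  {link}")
```

A "lookalike" result is a prompt to call or text the sender, as tip 7 advises; an "unknown" result only means the domain is not on the allow-list.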