It's the holidays for the criminals too, you know...
Social Engineering scams increase right around the holidays. With the increase of people shopping online and the odd-hours, hurried correspondence at work, it is getting harder to filter through which emails are legitimate and which ones could be a trap.
Our 12 Social Engineering Risks During The Holidays
12. Keyloggers Logging
If you go to and attempt to log onto a URL Squatting site (where someone buys a similar website domain, usually off by a letter, to a very popular one), your keystrokes could be captured so the scammers can try to get into your actual account later. Be careful when visiting websites- spelling counts
Another way hackers can track your activity with keylogging is via malware/ spyware that could be installed on your computer via a virus or malware attack. Using a password manager can help, but be sure to check your computer often for rogue software.
11. Swipers Swiping
Remember the recent retail store data breaches? Those are high-profile attacks, stealing thousands of customer's information, but it happens just about anywhere. Be sure to be careful at ATMs and small businesses, including restaurants. Try to keep your card within eyesight if possible. Also verify when you are signing for your purchase that the amount on the slip is what you are expecting to pay- honest mistakes happen all the time when cashiers are extra busy and payments may be manually entered incorrectly.
10. Links I'm Clicking
Don't click links in emails from people you do not know or that will require you to share login information or other sensitive information. Always go directly to the known website name to login or complete whichever action may be needed. (ie: update payment information, confirm passwords, etc)
9. Ladies Chatting
Popups with links to "live chats" or picture feeds tend to be bad news. 'Nuff said.
8. Downloads Waiting
Computer running slow? Take a look in the Task Manager on your PC or see if downloads are running in the background. The newer versions of Windows checks for updates quite often, so if you are able to manually run updates yourself, you may want to consider turning off auto updates. Some malware and viruses will also tie up any attempts at downloading software to protect itself from anti-virus and anti-malware software. So most downloads would be left in a pending status.
7. Restarts Later
Sometimes a restart just doesn't fix the problem... I know, hard to believe. "Turn it off- and on again" is an I.T. mantra. If necessary, start your PC in Safe Mode- this way you may be able to see if malware is running slowing the performance or compromising the security of your machine. Check the list of installed programs, or even the programs that are running on startup to see what could be the problem.
6. Offers Lying
Popups about being today's lucky winner, emails about an inheritance, a really great coupon offer, or even a phone call about a free trial or offer. If it seems too good to be true, it probably is.
READ MORE: Social Engineering Scams Part 6- Quid Pro Quo (Video)
5. Redirected To Bing
Sometimes hacked websites or malware will redirect you to a different site than you were expecting. To see where the problem is, open a new browser, then go to another known address- a news website, search engine, or blog. If you are redirected to another site again, it's you. If the site stays where you had meant to go, it's them.
4. Calling Scams
Yes, scams do happen (quite often) over the phone. This time of year it's popular for "collections companies" , "credit card companies", "utilities", or even "The IRS" to call to insist that a payment is due because your account is in default. You are busy, so it's understandable that your account is behind, and isn't it nice that they will reduce the amount you owe if you pay them right now, over the phone with a credit card. They may even call you repetitively.
If you had been in default in the past or have a lower credit score, you will probably be a target for some of these scams. Do not pay these scammers, insist on any amount owed to be sent to you in writing, but force them to confirm the address the address to you- do not supply them with information that they do not already have.
3. Friend Requests
Be careful who you connect with on social media. Shortened links may look like an interesting news story, but could lead to a malicious website. Only connect with people you know or can confirm are really someone you would want to connect with (are real) and if you start to see a string of strange posts from someone who you already know, don't click the links- their account may have been compromised.
2. Suspicious Emails
Don't open emails from people you do not know, are not expecting, or seem "off" in some way. Always use our tips to field test an email:
- Are you familiar with the person?
Try to confirm that the identity of the person requesting something from you is someone you know. If you do not know a person, or if you receive a communication from a person that is familiar, but it seems a little off, add an additional level of scrutiny to the processing of the request. For example, If you receive a phone call, opt to call back to a known number- any number that the person gives you over the phone may not be valid. If you do not have a phone number for the requestor, use a trusted source to get this information. - Why?
Ask why do they need this information, need to access this area, or why am I receiving this request. If you do not usually receive files or links from this person or organization via email, you should be suspicious. If the person asking or supplying information does not match who you regularly interact with, try to get in touch with your trusted source. If you are going into a restricted area, be sure that a person doesn’t just follow you in. An example would be that some businesses require that guests sign into a log book or are accompanied by a staff member during their visit. Be sure to follow this protocol, even if the person looks like they belong. If you do not know them, or if you are unsure if the person is allowed access, do not allow them the opportunity to Tailgate you. - Do I usually receive this information or request this way?
If you do usually receive some type of information or a request, is it usually passed onto you in this way? For example, do you receive quarterly reports? Are they usually emailed to you, or do you receive a thumb drive with this information? Another example would be if someone you know sends a text message to request a bank pin. - Are you expecting this information?
If an unsolicited email, disc, file, or phone call makes its way to you, be sure to consider whether you are expecting it. In our quarterly reports example, are you expecting that information? If you are not, confirm that the request is authentic from a known source via a known method of communication- sometimes you just need to walk down the hall or pick up the phone. Is it typical for you to process certain types of requests? Just because you have access to the information, does not mean that you are the person who should be distributing it. Another example is; Are you expecting a phone call from technical support? If you did not place a phone call or support request, it is unlikely that someone would be contacting you about a computer issue. - Is the request personalized?
If you receive an email, is the email addressed to you and is the greeting personalized? For example, an email may be addressed to someone in your organization, but sent to you. Be sure to talk with the person the email is addressed to before you send it, open files, or click any links. Mistakes happen when sending information, but be wary of information or requests that are not addressed to you.
READ MORE: Social Engineering 101, An Introduction
1. And A Trojan On My Home PC
It's sad, it really is. Your home PC, your window to the world wide web and work has been compromised. Hopefully you do not have too much saved to your local PC that you will lose. Bite the bullet and go back to a backup if necessary. If you need assistance, there are many options available to you. Do not pay ransoms, or services that pop up on your PC offering to fix the problem.
So be vigilant- Social Engineering Scams run rampant around the holidays. If you are cautious, take your time, and think before you click, you should make it through hackmas relatively unscathed.
BTW: back up all your holiday pictures, mailing lists, and other important files on either an external drive our cloud service- it makes recovery easier. With all of the door busters, and holiday sales, the larger USB-type storage devices will be at a good price.
My Tip: When purchasing a USB Storage Device, get at least 3x the memory of what you currently need as digital photos are getting higher in resolution- so file sizes are growing.