'Tis the Season to be Hacked

IT security defenses are being regularly tested. Hackers want data very badly, so they can sell it to criminals on the dark web. They also want to encrypt your data, so they can collect huge cryptocurrency ransoms. And not a day goes by when hackers are not searching for ways to divert wire transfers to fraudulent bank accounts. The motivation is big money, coupled with a miniscule risk of getting caught.

Cybercriminals love the holidays because consumers spend a lot of time and money online. Many people are also traveling and spending time with family and friends. The bad guys know how easy it can be to let your guard down and take full advantage of the opportunity to cash in. Keep in mind that these schemes don’t just target emails; they use voice and text messages, too. And thanks to rapid advances in technology like artificial intelligence (AI), it’s getting harder to spot the imposter.

Learning how to identify telltale signs of fraud is your first and most important line of defense. Read on to identify common schemes that cybercriminals use to trick their targets into opening an attachment, clicking a link or revealing sensitive information. 

Red Flags

  • Order or shipping confirmations that provide attachments or links to view or track items you did not order – even if they look credible.

Example of a fraudulent shipping confirmation.

  • An attachment to claim a prize for a sweepstakes you did not enter.
  • Messages instructing you to reset your password by clicking a link.
  • Communications inviting you to rate the U.S. Postal Service or another company by clicking a link.
  • Unsolicited requests to purchase gift cards.
  • Unexpected requests to provide data or remit payment for services.
  • A phone call that appears to come from a family member in trouble who needs money right away.

If you receive any of these communications, ask yourself:

Did I place an order for this item? If you can’t recall, go straight to the source. Check your receipts or order status on the vendor’s official website.

Do I remember entering this contest? Who doesn’t love getting free stuff? Before getting too excited, remember that fraudsters love to reel folks in this way. If it’s too good to be true, it probably is. By clicking a link in an email to claim your prize, you could infect your computer or mobile device with malware.

Would someone sending me a gift spoil the surprise by using my email address for order or shipping confirmation? Although some delivery companies request the recipient’s email or phone number, confirmation of receipt is triggered after delivery, so you know who to thank. If you did not receive the item referenced, the communication is likely a scam.

Was I recently locked out of my account or request a password reset? If not, a fraudster may have attempted to access your email account. It could also be someone impersonating a vendor to trick you into revealing your username or password to access your personal or financial data.

Would a friend or family member call me with an urgent request to send them money? If this behavior is not common practice and seems odd, it is more than likely the fraudster has used voice cloning to pretend to be someone you know.

Trust Your Instincts

If something feels “off,” trust your instincts. Take a moment to read the tips below to learn how to spot and avoid fraud.

Pro Tip #1: Never use the contact information provided in an unsolicited communication.

Never assume it is safe to click on unverified links, scan QR codes or open attachments, and never share your log-in credentials or password! If you’re unsure whether a link or QR code is legitimate, do not click or scan it. Be wary of unknown phone numbers and unsolicited texts, and never use any of the contact information they provide.  

Pro Tip #2: Always be suspicious of changes to wiring instructions. 

Legitimate changes to wiring instructions are rare – even if they appear to come from your title company or closing agent. If you are unsure, follow the next step.

Pro Tip #3: Always use a verified phone number to confirm the legitimacy of a request.

Unfortunately, it can be hard to know if someone is really who they claim to be in the digital world. It’s always best to go straight to the source to confirm the legitimacy of a request before acting on it. Before closing on a real estate transaction, consider adding your title company or closing agent’s direct line to your cell phone contacts for quick reference.

Educating yourself about the latest cybercrimes can help protect your funds and keep your holidays merry and bright. For more information about holiday scams, check out this brief video from the Federal Bureau of Investigation.