How to Avoid the Busy Holiday Scamming Season

Internet fraud has existed for about as long as the World Wide Web itself. From year to year, cybercriminals come up with new tricks and techniques aimed at deceiving their potential victims. In this article, we will look at the different types of fraud and how you can avoid them during the busy holiday scamming season.

Beware! Phishing

Phishing emails include fake notifications on behalf of administrators of banking and payment systems, as well as email providers and social networks, online games, etc., aimed at provoking you to follow a fake link so that your confidential data (login, password, etc.) falls into the hands of scammers. Bank phishing is considered traditional, targeting your online bank account or account in an electronic payment system. Having learned your username and password, attackers immediately gain access to your account.

Phishers are adept at faking their letters to look like official letters from various organizations. In particular, they use the logos of these organizations and the general style of their legal correspondence. As a rule, in a letter, the user is asked to follow a link to enter personal data (usually the excuse is the latest measures to improve the security of the site, allegedly carried out by its administration, in connection with which the user must log in again). After following the link, the user is taken to a fraudulent site that looks just like the real one, and, without suspecting anything, enters his or her username and password in the appropriate fields. After that, the data is sent to the scammers, and the user is redirected to the real site. Fraudulent sites often contain exploits that install spyware on the victim’s computer. So even if you are not going to enter your username and password, but followed the link out of pure curiosity, you can download a malicious program to your computer that can subsequently steal a variety of personal information.

How to recognize a phishing email

Case 1. You received a letter from a bank / payment system / postal provider. You are not using this bank / payment system / postal provider. It means that the letter is definitely fraudulent – just delete it.

Case 2. You received a letter from a bank / payment system / postal provider. You have an account on this system. Carefully read the text of the message: if, under some pretext, you are asked to enter your login / password by following the link, then the letter is fraudulent – banks, payment and postal systems never ask users to log in by following the link in the letter. In these systems, the login and password must be entered only to access your personal account.

Another easy way to tell a fake email from a real one is to hover your cursor over the link. Then, in the tooltip or in the lower-left corner of the email client, you will see the real address of the site, which you will be taken to if you follow the link. Take a close look at it: the second-level domain (the one immediately before the first slash) must belong to the organization from which the mailing comes.

So, in a letter from the PayPal payment system, the link in the form of
http://anything.paypal.com/anything
will be correct, while the links
http://paypal.confirmation.com/anything,
http://anything.pay-pal.com/anything,
http://anything.paypal.com.anything.com/anything
and any other links in which the paypal.com domain does not immediately precede the first slash will be fraudulent.
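The hover check described above can also be automated. The following is an added example, not part of the original article: it applies the "domain immediately before the first slash" rule to the four PayPal links above and additionally flags near-miss spellings. The function names, the verdict labels and the two-character typo threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def registrable_domain(host):
    # The article's rule: the last two labels before the first slash.
    # Assumption: two-label suffixes only; names such as example.co.uk
    # would need the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    # Classic Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, expected, max_typos=2):
    """Compare the host a link really points to with the sender's domain."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    domain = registrable_domain(host)
    if domain == expected:
        return "match"
    if edit_distance(domain, expected) <= max_typos:
        return "lookalike"            # one or two characters off the real name
    brand = expected.split(".")[0]
    if brand in host.split(".")[:-2]:
        return "brand-in-subdomain"   # real name appears only as a prefix label
    return "mismatch"

# The four links quoted in the article, checked against paypal.com.
SAMPLE_LINKS = [
    "http://anything.paypal.com/anything",
    "http://paypal.confirmation.com/anything",
    "http://anything.pay-pal.com/anything",
    "http://anything.paypal.com.anything.com/anything",
]

def check_samples(expected="paypal.com"):
    return {url: classify_link(url, expected) for url in SAMPLE_LINKS}

if __name__ == "__main__":
    for url, verdict in check_samples().items():
        print(f"{verdict:20} {url}")
```

Only the first link is reported as a match; every other verdict means the link should not be followed.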

If you still have doubts, go to the official site, ignoring the link in the letter and entering the site address in the address bar of your browser. This way you will protect yourself from going to a fraudulent site and find out everything you need on the official site.

However, for fraudsters, the prize is not only your online bank account or account in an electronic payment system. They are interested in any personal information, so phishing can also target mail systems, social networks, online games – in short, any system where the user has a username and password.

Phishing: social media

Do you have an account on Twitter, Facebook or any other popular social network today? Then you already know what an official mailing notice looks like. However, a fake notification may look just the same; it is intended to provoke you to follow a fake link so that your personal data falls into the hands of an intruder or gives them access to your social network account. The scheme is exactly the same as the banking phishing scheme described above: you receive a notification, allegedly on behalf of the social network administrators, that someone left you a message or wants to add you as a friend, or that you need to update your account. You follow the link, but instead of the official site, you find yourself on a fraudulent one that exactly copies the legitimate site. Next, you enter your username and password, after which they are sent straight to the scammers, and you are redirected to the official website.

False notifications from social networks may not contain a requirement to enter a username and password; the letter may look like a real one in everything except the link.

Look carefully at which site you access; scammers often make their domain names look like the names of legitimate sites.

For example, http://fasebook.com instead of http://facebook.com

Phishing: online games

Even free online games often contain certain elements for which the creators of the game ask to pay money: additional armor, artifacts, the original appearance of the character, any additional bonuses. And money always attracts scammers. The scammers’ task here is to kidnap your character, with all his/her additional attributes which you bought, as well as with all his/her experience and skills, and then sell it all. To do this, scammers try to lure the user to a fake site. Just like in other types of phishing, the address of a fake site can be very similar to the address of the official one.

Only a very attentive user will notice that the domain to which he or she was asked to switch contains an extra letter “i”: worlidofwarcraft.com. But there is another important indicator that this letter was sent by scammers: real letters from the administrators of gaming systems never ask you to follow the link in the letter to enter the password!

In order to attract the user’s attention, scammers can come up with more cunning excuses. You may be offered the chance to test the beta version of a new game, or promised various bonuses and gifts – just follow the link. However, by doing this, you can get to a fake site through which cybercriminals will try to steal your personal data, or to an infected site from which various malicious programs are downloaded to your computer.

Protection methods are the same as with other types of phishing: never follow the links; enter your personal data only on the official website, which you visited yourself through a browser. You can always go to the official website bypassing fraudulent links.

Other traditional types of fraud

“Forewarned is forearmed,” the saying goes. This is true of fraud protection. Sometimes it is enough to know what methods the attackers use so that you can immediately understand that they are trying to deceive you. Let’s consider the most popular types of fraud:

  • Fake lottery winning notifications. The letter informs you that you allegedly won the lottery. The goal of the scammers is to trick you out of some money in order to “transfer” your prize money;
  • “Nigerian” letters. These are letters in which you are asked to transfer money from a distant African (or any other) country to your account, and promise interest for this. In the future, the scammers will ask for your account number, allegedly for transferring money. However, instead of transferring money to you, they will withdraw your funds from the account. There is also an option when scammers ask to send them a certain amount of money, allegedly for the services of a lawyer or for transportation costs. After you send them money, they simply stop communicating with you. There is another, even more dangerous course of events: scammers use your account in such a way that you find yourself guilty of their money laundering schemes and go to jail in their place;
  • Financial pyramids and easy money. In these schemes, the potential victim is asked to invest a little money so that later it turns into a big profit. In fact, this fraudulent scheme works on the principle of “how much you invest, so much you lose”;
  • Internet begging. Letters purportedly from charities or people in need. In fact, such letters are either purely a bluff or they contain links to real organizations and funds, but the specified details for transferring money belong to the scammers. Remember, charities don’t send spam, they have other methods to attract investment. If you still want to check the information provided in the letter, find the address of the relevant organization, call there and specify how you can transfer money;
  • SMS spam fraud. These are letters in which you are asked to send an SMS to a short number under various pretexts. Whatever the scammers promise in such letters, the matter will end up with you paying at least ten dollars for a nonexistent service.

So, you should immediately delete letters containing any offers related to money from people unknown to you, including:

  • offers to make money (easy money, help with transferring money, investments that will bring “untold” wealth);
  • offers to help someone with money (for treatment, a poor Nigerian beauty, etc.);
  • notifications about any “winnings”;
  • offers to get free software, movies, etc.

Internet safety rules

You should remember that there are many other threats, in particular, a variety of malicious programs that can steal various passwords, logins, information about credit cards without the fraudsters “communicating” with the user.

In order to protect yourself, you must follow a few simple rules:

  • Use an antivirus: a modern, regularly updated antivirus will provide reliable protection against a variety of Internet threats;
  • Regularly download updates: software updates close vulnerabilities that could be exploited by intruders;
  • Do not leave your personal data on open resources: data left on the Internet is collected by criminals’ robots that can later use them for their own purposes (for example, send more spam to your mailbox);
  • Do not download anything from random sites: there is a high probability that you will receive malware along with the downloaded program / book / movie;
  • Do not follow links in spam emails: such links often lead to fraudulent or malware-infected sites;
  • Do not open attachments in letters if there is any doubt about the reliability of the sender: it is likely that the attachment contains malware (even if it is a Word document);
  • Do not try to “unsubscribe” from spam (especially if the spam message contains a corresponding link): this will not help to get rid of spam, rather the opposite. There are two most likely scenarios: 1) spammers regularly launch automatic scanning and cleaning of their databases from non-existent addresses; by replying to the letter, you confirm that your address (which, perhaps, was picked up automatically) really exists and is really read. This will induce spammers to add it to separate, “clean” databases, as a result of which you will receive even more spam; 2) following the link, you will be taken to an infected site and receive a malicious program on your computer;
  • Do not respond to tempting offers, especially if they are associated with getting quick money: by responding, you will either lose your money or become involved in criminal fraud.

Fraud, alas, is ineradicable. It can catch us everywhere on the Internet: in e-mail, social networks, on various sites. Over the years, attackers have been inventing new tricks, but the basic mechanisms of deception remain the same. Only you can make your life in the virtual space safe. We hope you find the above tips and information helpful and avoid the busy holiday scamming season.
