US consumers are encouraged by the Department of Homeland Security (DHS) to be wary of malicious campaigns and scams that usually start targeting during each year’s holiday season.
“As this holiday season approaches, the Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online,” CISA said.
“Cyber actors may send emails and ecards containing malicious links or attachments infected with malware or may send spoofed emails requesting support for fraudulent charities or causes.”
The Europol, as well as government agencies from the United Kingdom [1, 2] and Australia have all issued their own warnings about holiday-themed fraud at one point or another in the past, just as the FTC did and the DHS previously in 2017 and 2018.
Holidays are a busy season for scammers
A first sign of what’s coming was revealed by Emotet’s operators who pushed out new spam templates inviting potential victims to a neighborhood party on Halloween. While those emails promised a treat, in reality, the Emotet campaign would trick its targets into installing a malicious payload.
Consumers have been constantly targeted by fraudsters who frequently take advantage of the holiday season to push themed scams via online advertisement, misleading sales calls, phishing emails, and text messages.
Last year, for instance, a holiday-themed phishing campaign delivering emails pretending to be Amazon order confirmations targeted people shopping for holiday gifts as email security company EdgeWave discovered.
The attackers infected their victims with the Emotet banking Trojan that would run silently in the background and logging keystrokes, stealing account credentials, and performing various other nefarious activities on their computers.
This said while the Internet is usually a quite scary place all throughout the year, it is even more so during the holidays when crooks get a boon of new baits to use with their scams, just as they do during other events such as natural disasters, epidemics and health scares, economic concerns like IRS scams, and major political elections.
How to protect yourself
CISA provides a list of measures you can take to defend against holiday shopping, phishing, and malware scams, the most important advice being to always be careful when opening attachments or clicking links in unsolicited email messages.
The DHS agency has also published in the past a series of security tips via the National Cyber Awareness System on what steps you need to take to protect yourself from malicious emails and how to guard your sensitive info against phishing attacks.
Consumers are also recommended to be cautious while shopping online during the holidays because fraudsters can attack them by intercepting insecure transactions, by targeting unpatched systems, and by creating cloned sites and using scam email messages to harvest their financial and personal info.
If you have any reason to believe that you were the victim of a holiday-themed malware campaign or phishing scam, you need to take the following measures to protect yourself and prevent any further financial, data loss, or potential identity theft fraud: