The holiday season is around the corner. This is usually a time of the year that comes with heightened online activities, as most people turn to the internet to take advantage of various offers that are available. However, this is not just a great time for merry shoppers. Although some individuals choose to become cybercriminals out of necessity, some enjoy the thrill of scamming honest people out of their money.

Scammers are also on high alert at this time, since they too want to take advantage of increased online activity. As a shopper or an active online user, it pays to be able to identify and avoid the top holiday cyber security scams.

Read below to discover the most popular types of cyber security fraud, and learn about the specific measures you need to take to avoid becoming a victim of the world’s best online scams.

Protect your family, friends, and colleagues by learning how to spot a scammer immediately, and educating those around you, at home and at the office.

Fake Gift Cards, Gift Certificates & Coupons

Millions of online users fall victim to fake gift cards or gift certificates, and online coupons, every year without fail. Scammers love gift cards and coupons because they are not easily traceable, and shoppers tend to be particularly tempted by free stuff, making them vulnerable.

Typically, cybercriminals create fake stores or listings or even entire online communities, such as Craigslist, for discounted gift cards or coupons. Their goal is to capture your credit card details, which they will then use to empty your bank accounts.

Scammers may also get you to purchase a voucher for them on behalf of someone you may know, sending you a fake request from an email address using the name of someone you may regularly interact with publicly or on social media, such as an employer, colleague or close friend.

How to Detect Holiday Gift Card Scams

Some of the signs that you may be on the verge of being scammed via fake gift cards and coupons, are as follows:

• Someone is requesting an activation fee in exchange for the gift card, using a suspicious-looking email address or anonymous communication channel.
• You have found yourself on a suspicious-looking online store, on a domain name that was recently registered, with an unestablished-looking or unsecured URL.
• A gift card without a valid receipt is being offered, making it impossible for you to validate the purchase.
• You are being asked to quickly make a time-sensitive gift card purchase by someone close to you on their behalf, from an unusual email address. Once purchased, this person asks you to quickly send you the gift-card code.

How to Stay Safe

Always remember that gift cards should be used as gifts. If someone is asking you to buy a gift card for them, then know that you are likely in the process of getting scammed, and complete your due diligence. Above all, make sure the request to purchase a gift card is truly being made by the person who you believe you are exchanging messages with. It is advisable to avoid purchasing gift cards from any third-party store or entity. Stick to making your purchases from the issuer’s original online stores or any major retailer’s website, and stick to brands you are familiar with.

Online Shopping Scams Offer Huge Discounts

Cybercriminals have perfected the art of creating fake online stores or lookalikes, and offer massively discounted prices, ensuring that their online shopping scams entice unsuspecting shoppers.

Unfortunately, there is only so much that an IT network security firm can do to prevent these kinds of scams, due to the manual nature of actions taken by the victims. The best that can be done to prevent employees, friends or relatives from succumbing to such scams, is to spread awareness as early on as possible.

Buyers believe that potential victims make genuine purchases from their favorite online brands, and are grateful for seemingly huge discounts or freebies.

However, in reality, victims make purchases from a lookalike website, and far too often, voluntarily surrender their credit card details and personal information, to an online fraudster.

How to Detect Fake Online Stores

Here are some of the warning signs to help you identify fake online stores:

• Avoid stores offering significant discounts; generally over 50%.
• Pay attention to signs of phishing scams, poor grammar, poor image quality, fake sounding reviews from alleged past customers.
• The website lacks basic company information such as an About Us page, and Contact information.
• URLs seem suspicious.
• Website is unsecured.
• Website was only registered recently. Click here to find out when a website’s domain name was registered.
• The text on the website you are visiting is not unique.

How to Stay Safe

To avoid getting scammed by fake online stores, always ensure that you are dealing with the official website of the brand in question.

Be very cautious with sellers offering huge discounts, and if you have to make a purchase from an unknown online vendor, conduct some research online to verify whether or not they are scammers. Check the company’s online reputation out using multiple channels, including Google, Facebook, and TrustPilot.

If you are about to click on a website but it doesn’t inspire your confidence, you can run a quick security scan using Sucuri, which quickly checks websites for any red flags in terms of malware and security. Sucuri SiteCheck scanner will check the website for known malware, viruses, blacklisting status, website errors, out-of-date software, and malicious code.

In case you find yourself on an unknown or untrustworthy-looking website, there is an easy and quick way to verify whether content on the website you are viewing is unique, or if it has just copied its content from another source online. Simply copy a snippet of approximately 1 entire sentence from the website, and paste it into Google Search Engine. Scroll through the search results to confirm whether multiple websites containing the same content appear.

You can also quickly check how many pages a website has by typing “site:” just before the URL of the suspicious website to see what comes out on Google.

*Do not include “https://www.” before the website’s URL.

For example:

This illustrates how many results pages were found in Google search engine, and lists each page that has been found.

Romance Scammers

Lonely during the holidays? Perhaps you were recently contacted by an attractive or suspicious person on Facebook (META), Instagram or perhaps on a popular online dating site such as Tinder. Or; maybe they just want to be friends. Most people have already come across these types of “romance scammers”.

For instance, Simon Leviev is a convicted conman from Israel. The documentary “The Tinder Swindler,” exposes details relating to the path chosen by this convicted fraudster.

Using the lavish lifestyle portrayed on social media, Leviev scammed women he met on Tinder, and baited them with impressive and costly first dates. Once a connection was formed with each victim, he would ask his victims for thousands of dollars, claiming that his life was in danger.

In December 2019, this convicted love scammer was sentenced to 15 months in prison but only served a few months due to good behavior. Charges included theft, fraud and forgery.

How to Stay Safe

Beware of exchanging any personal or sensitive information with these individuals whatsoever; they may seem friendly at first, but later start to ask for favours, may attempt to obtain your personal information for the purpose of identity theft, and could even try to extort you. Some scammers can spend months, and even years baiting their prey before they pounce, and before you know it, you could find yourself in the midst of an online dating scam.

Social Media Ads Running Fake Promotions

Since people spend multiple hours per day on social media, it has become a fertile hunting ground for cybercriminals. These individuals or groups of people create fake social media pages, and run fake promotions and listings.

A great recent example of this, manifested itself following Elon Musk’s purchase of social media giant, Twitter.

Musk’s intentions seemed purely positive when initiating “Twitter Blue”, essentially allowing users of the platform to verify themselves as premium users via their respective Apple IDs and phone numbers, for a monthly fee of $7.99.

However, “Twitter accounts impersonating celebrities and politicians spread like wildfire on the site, shortly after the company rolled out paid check marks.

Almost immediately, users started taking advantage of the new tool. Accounts were created impersonating politicians including President Biden and celebrities, as well as other notable people. Several also surfaced purporting to be brands, announcing fake news.” – The Washington Post.

There are also other scams on social media designed to steal your identity or to get you to transfer money. Here is how you can identify common online scams:

• The link from the social media ad will take you to a suspicious online store.
• The account behind the promotions has a low follower count, a large quantity of fake followers, or the page was just recently created.
• The promotion seems too good to be true.

How to Stay Safe

Remember that not all stores or sites you get to from social media links are legit, including ads. Make sure to verify the key warning signs, and do your due diligence before making any transactions or clicking on any suspicious links. Be extremely careful to validate the source, prior to transmitting funds or personal information.

Fake Charities Designed to Steal Your Money

Some scammers love taking advantage of the generosity of millions of online users, by creating fake charities. Most of these charity scams are very tough to spot, even by the most reputable security providers in Montreal.

By the time you notice that you have been scammed, you may have already been robbed of your hard-earned money. Here are a few tips to help you detect some of these charity scams:

• Before you make any donation, be sure to check the URL, as well as the name of the organization.
• Be very careful with campaigns that use hard-sell tactics or vague language.

How to Stay Safe

Before you make any donations, research the organization through Better Business Bureau’s Charity Navigator tool or Wise Giving Alliance.

If you want to contribute to a GoFundMe campaign, research the organizers behind it, prior to letting your seasonal generosity manifest itself.

Fake Seasonal Jobs

There are so many people interested in making extra cash during the holiday season. People seeking out seasonal work can be easily targeted by cyber criminals, via fake seasonal job postings.

Scammers will post fake jobs offering good money, for a minimal amount of work. The goal is for you to send them money for “supplies and training”, as well as to steal your personal information.

Here are a few tips on how to identify seasonal job scams:

• They promise to hire you immediately.
• They offer a guaranteed job once interviews are held on WhatsApp or Telegram; possibly even Snapchat.
• They are demanding your personal information, bank details, and tax details immediately.
• They require you to send money to the company prior to getting hired.

How to Stay Safe

Before you consider making any serious application to these seasonal jobs, verify the reviews of the company on reputable job websites, such as Glassdoor.

See the kind of comments left by past applicants to know whether they are legit or just another scam designed to cheat you out of your money, and waste your precious time.

Scams Featuring Popular Brands

This season, scams for Nike and Ray-Ban brands have already been identified.

As for gift card imposters, this year, popular targets include big-tech, such as:

1. Google
2. Amazon
3. Apple

Here is a list of popular religious, festive and shopping holidays, seasons and times throughout the year when online fraud tends to pick up:

• Christmas
• Christmas Eve
• New Year’s Eve
• Hanukkah
• Sukkot
• Diwali
• Mother’s Day
• Father’s Day
• Easter
• Black Friday
• Cyber Monday

Here are just a few popular scam URLs to beware of throughout Black Friday:

• coatpark[.]com
• nestorliquor[.]com
• annishuan[.]com
• hugoiio[.]com
• cathytok[.]com
• hardaddy[.]com

Taking Cybersecurity Seriously

Ultimately, a preventative approach to seasonal online scams is always best. If you manually send a transfer or make an online purchase, there is little your bank or credit card provider can do to mitigate the situation and reverse the charges. Furthermore, the risk of having your computer taken over by Ransomware scammers, and/or jeopardizing sensitive or important data or suffering data loss, increases tremendously throughout the holidays. So keep your eyes wide open, and be careful where you click, who you’re in communication with, and what you purchase. Don’t let any time-sensitive offers or requirements throw you off, and report anything suspicious to those around you. Also remember that just because you’re signed into your own email account, doesn’t mean you’re still safe; you could be one-click away from a phishing attack.

Keep in mind that even outside of computer crime, there are various other types of fraudulent activity. For instance, there have been many scam check initiatives designed to mail what seems like an ordinary cheque to someone, who they had previously invited to participate in the completion of a relatively simple task. They are then mailed this check and asked to cash it. They then request that a portion of the money that was deposited is transferred back over to them.

Happy holidays, be safe, and if you do happen to identify any cyber scams online, we’d love to hear about them. If you want to be even more benevolent, remember that cyber crime reporting of any online scams you’ve identified publicly on the internet, to your financial institution or to the police. In fact, now that you already have an idea how to report a scammer online, you should also know that there is a division of the Montreal police that manages these types of illegal activities, known as CyberCrime.

Of course, if you’re concerned with the safety of your business continuity, sensitive information, and wish to avoid any instances of ransomware or data-loss, our network security solutions may be of interest to you. Feel free to contact Info-Tech Montreal for more information.