1. Unhappy Holidays
Tis the season…for an increase in shopping scams.
From unbelievable deals to undeliverable packages, and even fake charities, the holiday season scams that proved successful last year have returned.
You may have already seen a Black Friday or Cyber Monday email offering a thousand dollar TV marked down 90%.
You may have been sent a text message that your FedEx parcel couldn’t be delivered and you need to click on the tracking link in order to update or confirm the address.
You may even have been called and asked to support a heart-warming charity trying to help those in need this particularly difficult holiday season.
At first blush, any of these could be legitimate. To protect yourself when they aren’t, please keep in mind the points below.
And if you enjoy video, watch this three minute interview at WTOC where Cyreia Sandlin and Chuck discuss some warning signs of these typical holiday scams.
How to stay safe:
- ‘If it’s too good to be true, it probably is.’ It’s an old saying that’s still true. When you see an incredible offer, ask yourself how the company could stay in business if it were real. In the example above, is the TV not worth the original, thousand dollar price? If it is, how could the company last selling it for one hundred dollars? And if it’s not, then what else about this ‘deal’ isn’t true?
- Before clicking on any link, whether in text or email, train yourself to stop for a second. A tracking link or delivery issue is such a plausible topic that these scams continue to work. But check for signs of a generic message that could be sent to multiple people. For example, does it address you by name? A legitimate company will have your account information. Does it have any identifying details of the order? And is it from the right shipping company? You may not always know when a business uses UPS rather than FedEx, but you should have a confirmation email you can refer back to. Rather than clicking on the unsolicited message link, go back to the original, official one.
- If you are approached by a charity, whether by phone or email, do your homework before giving. There are so many legitimate organizations working tirelessly to improves the lives of others and relying on your help to do so. Unfortunately, there are also others that come up with similar names and missions solely to steal your money. So ask questions. Don’t let them rush you. Look them up independently. And feel free to say, “no.”
2. Fake Teams Update Ad
This scam has been used to target numerous industries, most recently education (K-12). It appears as an ad, trying to lure you into updating your Microsoft Teams software.
What’s particularly dangerous about it is that simply clicking on the ad starts downloading the malicious payload. You won’t be sent to a landing page first where they can try to steal your credentials and where you may see signs of a scam. Instead, your click starts a script that will typically steal your sensitive information and open a backdoor into your computer (and network). You’ll also get an authentic copy of Teams installed to help hide what’s really happening.
So how do you avoid a trap like this?
- Always be careful of ads. If you see one that sounds appealing, navigate to the website independently and see if the offer is real. You can also open a new tab and search using the terms in the ad to see if it has been reported as a scam.
- If you’re not already, consider using a web browser that can filter and block malicious websites. A tool like that should keep such an ad from even appearing to you. You can also have settings to block executable files from downloading unless they come from trusted sources.
- With regard to software you need or want, always ask your IT partner first. We’re constantly testing out something new, and we’ve worked with so many programs already, that we can usually give some well-rounded recommendations. And we typically roll out updates to programs automatically during off-hours so they don’t impact your day.
3. Vaccine Scams
A global pandemic is the gift that keeps on giving to criminals. Bad actors have already issued scams about current statistics and infection maps, government funding. tracking apps, and employment rights and layoffs. And now, experts expect them to shift to the vaccine.
The logical concerns and questions people have will become the focus of these scams. Issues such as whether the vaccine may be safe, when and where it can be taken, and how much it will cost will be used as bait in emails and online surveys.
Messages seeming to come from HR could have links to insurance coverage information. Emails appearing to be from government agencies or local pharmacies may link to ‘your nearest vaccine location.’ Some may even claim to let you register or reserve your dose in advance.
They will all try to play off your natural curiosity, fear, or concern. They will all cause you nothing but trouble.
What can you do against this?
- Awareness training is critical. Scams used to be easier to spot. They typically had bad or no graphics, and the grammar was atrocious. Now, they can copy company logos perfectly and use tricks to hide their malicious domains. So it’s up to us to be vigilant. We need to know the warning signs and look out for them. We need to stop and think before every click. And we need to tell those around us to as well. Because a network is only as strong as what its weakest link lets in.
- If my team or I can help in any way more than sending this monthly information, please let me know. It’s been a long, strange year, and I am honored to say we’re still here for you.
