12 scams of Christmas.
During the holiday season, it’s important to watch out for scams targeting shoppers and donors. Here are key types to watch for:
- Misleading Social Media Ads: Research before buying, as many items advertised on social media are either fake or not as described.
- Social Media Gift Exchanges: These scams involve pyramid schemes where personal information is shared, and gifts or money are sent to strangers.
- Holiday Apps: Be cautious of free apps, as they may contain malware or excessive ads; review privacy policies and app reviews.
- Fake Toll Collection Texts: Scammers impersonate toll agencies, sending links to fake payment sites—verify through the legitimate service.
- Free Gift Cards: Avoid unsolicited emails offering free gift cards; these are usually phishing attempts to steal personal information.
- Temporary Holiday Jobs: Watch out for fake job listings aimed at stealing money or personal details.
- Impostor Scams: Be careful of fake websites or social media accounts impersonating businesses or customer support.
- Fake Charities: Verify charities before donating, especially during the busy holiday season.
- Fake Shipping Notifications: Scammers send phishing emails about deliveries, often with links that steal information or download malware.
- Advent Calendars: Research sellers of popular advent calendars to avoid unfulfilled orders or counterfeit products.
- Holiday Wishlist Items: Be wary of low-priced luxury goods or toys, as they may be knockoffs.
- Puppy Scams: Many online pet ads are fake—always meet pets in person before making a purchase.
Exercise caution and verify before making any purchases or donations to avoid falling victim to these scams.
Read More: BBB
UPS issues alert about ‘smishing’ scam Involving text messages.
UPS is warning customers about ‘smishing’ scams during the holiday season, where fraudulent text messages with fake package tracking information are sent to steal personal details. To avoid falling victim, recipients should be cautious of texts with unknown tracking info or clickable links. Real UPS tracking texts include a tracking number, package status, delivery date, time, location, and instructions to stop further messages. UPS texts never contain clickable links, and customers can request updates by texting their tracking number to 28777. For more information, keywords for specific tracking details are available on the UPS website.
Read More: USA Today
Windows malware phishing attacks target YouTube channels.
Cybersecurity firm CloudSek has reported that attackers are impersonating brands to target YouTube channel administrators, sales, and marketing staff with phishing emails. The attackers use automation to gather email addresses of YouTube channels and send bulk emails promising large compensation, up to $50,000 for channels with over 2 million subscribers. These emails contain OneDrive links to password-protected ZIP files, which include malware. The emails ask for financial data under the pretense of sending payment for a sponsored segment.
Once the ZIP file is opened, the malware, an info-stealer, steals browser credentials, cookies, and clipboard data. The file, disguised as “Contracts and Agreement Archive Collection.rar,” loads a process named “webcam.pif” to avoid detection. This malware has been flagged by 48 cybersecurity firms, and programs like Malwarebytes, Avast, or McAfee can detect it.
Read More: PC Mag