Cyber Monday scam: Hacker positioned to attack on Cyber Monday.

Cybercriminals are preparing for the holidays with stealth, and they're determined to take advantage of distracted consumers. In this second installment of a two-part article on holiday scams, more cybersecurity professionals provided CU Times with details on scams credit union professionals and members should watch out for.

Rebecca Herold, founder of SIMBUS and CEO of The Privacy Professor:

  • USB charging station skimmers: Cybercriminals can quickly (in less than a second) and discreetly install skimming devices into charging station ports that will copy all the data and other files from the devices using them, or load malware or ransomware onto those devices. "Use a standard power outlet whenever possible to charge because cybercrooks cannot compromise these very easily," Herold advised.
  • Credit card skimmers and shimmers: These can be quickly installed and will capture all the credit card data from those using them. Skimmers often snap over the credit card reader, but are sometimes inserted within the credit card reading device; ultra-thin shimmers, which take data from chipped credit cards, fit inside the reader.
  • Malicious apps: "Cybercrooks know most people are gullible for fun, free apps, so they put out their own that will steal data from your phone, send and post messages on your behalf to a wide range of online sites, load malware on your phone/tablet/etc., launch ransomware and do even worse," Herold said. Before downloading an app, ask yourself: Do the app providers have a professional website? Describe privacy protections? With whom they share your data? Include clear and validated contact information? If the answer to any of these questions is no, do not download it.
  • Phishing messages related to holidays and gifts: "Last year there were many holiday-time phishing scams where emails pretended to confirm Amazon orders targeting people doing online shopping. If you get a message that seems too good to be true, delete it."
  • Fraudulent classified ads, social media ads and auctions: Internet criminals often post classified ads or auctions for products they do not have. Do not provide credit card numbers, bank account numbers or other financial information directly to sellers you cannot validate through legitimate third parties.

Paul Bischoff, privacy advocate with Comparitech:

  • If you see small charges on your credit card or bank account that you don't recognize, don't ignore them. After stealing card data, fraudsters will "ping" the card with a small charge to test its validity, then sell it to someone who will charge a lot more.
  • Watch out for affinity scams. Scammers prey on people with good intentions by posing as charitable organizations. They may take a large commission or simply pocket all of the money.
  • If a deal sounds too good to be true, it probably is. If a vendor on a marketplace like Amazon or eBay asks to communicate outside of those marketplaces' official channels, do not do it.
  • Watch out for phishing emails. Scammers send emails posing as your financial institution, a retailer or even a government agency. These emails try to instill a sense of urgency in victims. Do not click on links in unsolicited emails. Always check the domain of the sender's email and of the website.

Sherri Davidoff, CEO, Brightwise:

  • Infected e-cards: "Criminals love to send cute Thanksgiving, Christmas and New Year's e-cards, which entice you to click a link – but once you do, your computer is infected with malware that can steal your online banking credentials, credit card numbers and more," Davidoff said.
  • Gift card scams: "Scammers impersonate your CEO or another executive, and send emails or text messages to the office manager, executive assistant or other staff, asking them to purchase gift cards." The victim sends card details to the scammer, who steals them and cashes out.
  • Fake retail deals: "Cybercriminals love to lure consumers into clicking on fake offers. Often, these phishing emails perfectly mirror real email blasts sent by Amazon or other big names. To be safe, do not click the link – instead, type the store's address directly into the address bar."
  • Point-of-sale and ATM skimmers: "Criminals can place skimmers to steal credit or debit card numbers as you swipe. They can also overlay a keypad to capture PIN numbers. Check card readers and PIN pads carefully for unusual signs such as cracks, loose parts or scratches. If you notice anything suspicious, do not use that machine."
  • E-skimming: Criminals break into third-party software providers to inject malicious code designed to steal customer payment data into thousands of websites at once. Merchants can defend against this by carefully vetting third-party code.
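
One way a merchant might begin vetting third-party code on a checkout page, as raised in the e-skimming item above (an added example, not from the article or the experts quoted): list every externally hosted script and flag those from unapproved hosts, loaded over plain HTTP, or lacking a Subresource Integrity hash. The page, host names, allowlist and hash value are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SRI_PREFIXES = ("sha256-", "sha384-", "sha512-")
# Constructed sample checkout page; every host and hash is a placeholder.
SAMPLE_PAGE = """<html><head>
<script src="/static/checkout.js"></script>
<script src="https://cdn.payments.example/sdk.js" integrity="sha384-PLACEHOLDERHASH" crossorigin="anonymous"></script>
<script src="https://analytics.example.net/tag.js"></script>
<script src="//widgets.example.org/chat.js"></script>
<script src="http://cdn.payments.example/legacy.js" integrity="sha384-PLACEHOLDERHASH"></script>
</head><body><form id="payment"></form></body></html>"""

class ScriptAudit(HTMLParser):
    """Collects externally hosted <script> tags and the issues found on each."""

    def __init__(self, first_party_host, approved_hosts):
        super().__init__()
        self.first_party_host = first_party_host
        self.approved_hosts = approved_hosts
        self.findings = []  # list of (src, [issue, ...])

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src")
        if tag != "script" or not src:
            return  # not a script tag, or an inline script with no src
        url = urlparse(src)
        if url.hostname is None or url.hostname == self.first_party_host:
            return  # relative or same-host script, served by the merchant
        issues = []
        if url.hostname not in self.approved_hosts:
            issues.append("unapproved-host")
        if url.scheme == "http":
            issues.append("insecure-transport")
        tokens = (attrs.get("integrity") or "").split()
        if not tokens or not all(t.startswith(SRI_PREFIXES) for t in tokens):
            issues.append("no-valid-integrity")
        self.findings.append((src, issues))

def audit(html, first_party_host, approved_hosts):
    parser = ScriptAudit(first_party_host, frozenset(approved_hosts))
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    approved = {"cdn.payments.example", "analytics.example.net"}
    for src, issues in audit(SAMPLE_PAGE, "shop.example", approved):
        print(src, issues or "ok")
```

An integrity hash pins one exact version of a file, so it suits scripts the vendor publishes as fixed releases; the check only confirms the attribute's format, not that the hash matches the file.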

Anurag Kahol, CTO and co-founder, Bitglass:

"Black Friday and Cyber Monday present a great opportunity for retailers to collect customer data," Kahol said. However, while ramping up efforts to collect this data, it is even more important to store it safely in order to meet data privacy regulations like the EU's General Data Protection Regulation. "While complying with data privacy laws can be particularly challenging for small- and medium-sized businesses, the demands for SMBs are still the same as larger companies and they must take full responsibility for securing their customer data."

Ben Goodman, CISSP and SVP of global business/corporate development, ForgeRock:

"The online holiday shopping frenzy that comes with Black Friday and Cyber Monday represents a great opportunity for consumers to give themselves a privacy checkup," Goodman noted. "People tend to reuse passwords across multiple accounts, meaning that if one set of login credentials are exposed, the individual can become highly susceptible to accounts with much more sensitive information being hijacked such as banking, health care and even government portals."

Alexander García-Tobar, CEO and co-founder, Valimail:

"Retailers recognize that email marketing is one of the most important tools for capitalizing on this massive sales opportunity, but it also represents a huge opportunity for cybercriminals to send phishing emails to consumers by impersonating popular brands." These fraudulent emails come in many forms, including fake sales alerts and fake online order confirmations. "To prevent these attacks, brands need to protect their domains from both inbound and outbound phishing attempts with strong sender identity protection."


Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).