MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

The 12 Scams of Christmas


Christmas time is a time of giving, but as far as cybercriminals are concerned, it is also the perfect time to take, take, take.

Here are the MetaCompliance top 12 scams of Christmas with some advice on giving the scammers some “bah humbug!”

Online Shopping Fraud

Christmas shopping has moved online as Covid normalised online buying. A 2021 report predicted that almost half of all Christmas purchases would be internet-sourced. Data from Action Fraud shows that over Christmas 2020, 28,049 UK shoppers lost £15.4 million, an increase of 61% over the previous year.

Cybercriminals follow the money, so it is highly likely that Christmas 2022 will see similar levels of online shopping fraud. Be aware of too-good-to-be-true electronic bargains, gifts, and links to fake websites. Also, be mindful of buying unbelievably cheap branded goods from websites including Facebook marketplace and eBay.

Staying safe:

  • Vigilance is vital when shopping online. 
  • Carefully check any online shops you wish to purchase from.
  • Keep devices up to date with security patches.
  • Do not over-share personal information.
  • Be extra vigilant of unusual offers in emails, social media, and other messaging apps.
  • If you make a purchase, use a credit card, as credit card issuers will offer some protection.
  • Secure your email account using a second factor.

It’s a Fake! Website Scam

Online shopping fraudsters often create fake websites to trick people into buying goods that never arrive. Shoppers end up on the fake website by clicking links in emails, messages, and social media platforms. The fake website will often be made to look like the site of a well-known brand.

Once on the site, the fraudsters will encourage the purchase of goods at low prices. Recently, jewellery company Pandora warned British customers to watch out for fake Pandora jewellery sites where almost one in five Britons have been scammed.

Staying safe:

  • Avoid clicking on links in emails, mobile messages, and social media.
  • If an offer seems too good to be true, it probably is.
  • If you navigate to a website from a link, be cautious. First, check out the URL of the website. Does it fit the domain of the brand? Does the URL have unusual characters in the address?

WhatsApp Scams

WhatsApp scams are increasing in number as scammers take to mobile messaging. In January 2022, Lloyds Banking Group reported a 2000% surge in WhatsApp scams, with victims losing, on average, £1,950 each.

At Christmas, WhatsApp scams come in wide varieties, but a Which magazine report recently described a “Cadbury giveaway scam.” The scam offers a free Christmas chocolate selection if the recipient clicks on the message link. The link goes to a fake website where scammers attempt to steal personal details.

Staying safe:

  • Be cautious when receiving messages from someone not on your contact list.
  • Sometimes, a scammer will make the message look like it is from a contact (even when it is not). If it seems suspicious, check directly with the actual contact.

Supermarket Coupon Scams

The allure of free food from a supermarket coupon is hard to resist when food prices are escalating. But there is usually no such thing as a free lunch, and the supermarket coupon scam is no exception. Supermarket coupon scams use all possible entry points into a person’s digital life, from emails to mobile messages to social media.

Recently, several UK supermarkets were spoofed in a supermarket email scam that promised a £1000 shopping voucher. Of course, no such coupon exists, but anyone clicking the link in the email would end up at a fake site where personal data could be stolen, or they could even end up with malware installed on their device.

Staying safe:

  • Be aware of possible email scams offering free gifts or vouchers.
  • Do not click links in emails that seem suspicious.

Holiday Booking Fraud

Many of us travel to see loved ones or escape at Christmas time. Unfortunately, this seasonal event draws in scammers who concoct elaborate scams to trick travellers. Holiday booking fraud can take many forms: travel scams often use phishing emails, including links to fake travel websites. Alternatively, legitimate booking sites can be used to commit fraud by scammers who work out sneaky ways to circumvent the site’s security rules.

Staying safe:

  • Do not click links or download attachments in emails that seem suspicious.
  • Be suspicious of too-good-to-be-true accommodation offers.
  • Check the URL of any travel website and ensure the address is legitimate; fraudsters will try and use cleverly composed URLs, for example, AirBmB.com or 4irBNB.com, to catch unwary visitors.
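
The URL checks recommended here and in the fake website section (does the address fit the brand's domain, does it contain unusual characters) can be automated in a mail or web filter. The following is an added example, not code from MetaCompliance; the brand allowlist, function names and thresholds are assumptions chosen for illustration, and the matching is a heuristic that can produce false positives.

```python
from urllib.parse import urlsplit

# Assumed allowlist of genuine brand domains (constructed for this example).
KNOWN_BRANDS = ("airbnb.com", "pandora.net", "royalmail.com")
# Digits commonly substituted for letters in lookalike names (e.g. 4 for a).
DIGIT_SWAPS = str.maketrans("43105", "aelos")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def hostname_of(url):
    """Lower-cased host from a URL or bare domain, without a leading 'www.'."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def check_url(url):
    """Return (verdict, brand) for a link before anyone follows it."""
    host = hostname_of(url)
    if not host:
        return ("invalid", None)
    # "Unusual characters": non-ASCII letters or punycode (xn--) labels.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return ("unusual-characters", None)
    for brand in KNOWN_BRANDS:
        if host == brand or host.endswith("." + brand):
            return ("match", brand)
    normalised = host.translate(DIGIT_SWAPS)
    for brand in KNOWN_BRANDS:
        name = brand.split(".")[0]
        # Near-miss spelling, or the brand name embedded in another domain.
        if edit_distance(normalised, brand) <= 2 or name in normalised:
            return ("lookalike", brand)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample links, including the two lookalikes named above.
    for link in ("https://www.airbnb.com/rooms", "AirBmB.com", "4irBNB.com",
                 "http://p\u0430ndora.net", "airbnb.com.offers.example"):
        print(link, check_url(link))
```

A "lookalike" or "unusual-characters" verdict is a reason to block or warn; "unknown" only means the host resembles none of the listed brands.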

Gift Card and Pyramid Scams

Social media is the new platform for pyramid schemes that target unwary Christmas shoppers. Gift-exchange scams use social media sites, like Facebook, to propagate pyramid fraud. Social media posts typically offer a gift card, asking the target to send it to a friend or family member to receive a financial reward. Instead, the scammers collect the details of the target and of the family member or friend, along with the gift card cash.

Staying safe:

  • Be highly suspicious of any social media offers that collect personal data.
  • In general, do not overshare your own or others’ personal information on social media.

Instagram Scams

Instagram is an ideal platform for propagating many kinds of holiday scams. Using imagery alongside website links is the perfect way to send people to fake websites. Instagram maintains a list of scams that happen on the platform; this includes gift card scams, money requests from strangers, and people claiming to be from Instagram security asking for account information.

Staying safe:

  • Do not overshare your own or others’ personal information on Instagram.
  • Do not click on links from an Instagram post unless you are sure the post is legitimate.

Facebook Scams

Like Instagram, Facebook is an ideal place for scammers to roam.

For example, 2020 saw a Facebook scam that involved a “Christmas bonus.” The scammers sent out messages from cloned accounts of the friend of a targeted Facebook user. The message claimed that the sender had won a “Christmas bonus”; to receive this bonus, the victim must contact a “Facebook Agent.” If the target reaches this “agent”, they are requested to provide personal data and a small fee for the transfer of the winnings.

Watch out for variants of this scam during the run-up to Christmas 2022 and beyond.

Staying safe:

  • Take any offers of “winnings” or other free gifts with a pinch of salt and do your research.
  • Do not click on any link in a Facebook post unless you are sure of its legitimacy.

Scammy Grandparent Fraud

Grandparents are targets for scammers hoping to cash in on their love for their grandchildren. In one case, a grandad lost £1,550 after fraudsters sent a fake message asking for the money for a medical procedure. The fraudsters made the message look like it was from his granddaughter. Similar scams use phone calls to perpetrate the same type of theft; the scammers pose as friends and family.

Staying safe:

  • Always verify any request for money directly by speaking to the person making the request.
  • If the request originates in a phone call, tell them you will call them back.

Fake Delivery Messages

The fake delivery scam is not new, but this time of year, the fraud finds new victims as we all increase the number of parcels we expect to be delivered. Outstanding packages, especially when there is upheaval at the Royal Mail, result in frantic waiting for packages to appear. Cybercriminals take advantage of this worry and concern by sending out fake delivery messages, usually SMS texts (SMShing) or emails (phishing) that contain a ‘tracking link.’

According to UK Finance, over half of the reported SMShing messages in the last quarter of 2021 were fake delivery scams. The links in these phishing messages will take the recipient to a fake site that looks like a Royal Mail or similar delivery firm website. The site will ask for personal details. The scammers may even follow up with a continued scam, tricking people into believing it is a call from their bank. One fake delivery scam ended with a man targeted by cybercriminals losing £33,000.

Staying safe:

  • Be wary of texts or emails that claim to be from a legitimate delivery firm.
  • Beware of entering personal data or financial details into a site you navigated to from a link in a message or email.

Survey Scams

Firms commonly use customer surveys to determine customers’ thoughts about their services and products. People are used to clicking on a link and filling out a survey form after an online purchase. This common practice is perfect for cybercriminals to exploit.

Scammers typically set up online customer surveys that mimic well-known brands and entice people to complete the survey by offering ‘free gifts’ or vouchers. If a person clicks the link, they will open a legitimate-looking survey form with the spoofed brand’s logo, etc. The survey will trick people into handing over personal data that will be used to carry out further fraud and identity theft.

This type of scam is likely to increase this time of year when we may have made many online purchases as gifts.

Staying safe:

  • Be extra careful over Christmas when agreeing to take a customer survey.
  • Check the email address of the survey sender carefully for signs of phishing.
  • If you do fill out a customer survey, never enter sensitive personal data, such as financial details or national insurance number.
  • Do your homework and check the vendor’s official website to ensure they are sending out customer surveys.

Fake Job Scam

Spoof recruitment scams are here all year round, but Christmas encourages recruitment scammers. In 2020, seasonal job scams increased by 88% over the previous year. Job scams take many forms, but typically the recruiter will ask for payment for DBS checks or advance fees to process an application.

Staying safe:

  • Be aware of tell-tale signs of phishing, such as poor grammar.
  • Does the offer sound realistic? Check out the website of the company the ‘recruiter’ is from – are they actively recruiting?
  • Be wary of providing money to any recruitment firm unless they check out as entirely legitimate after research.

By being wary and knowing how scammers operate, you will be able to have a cyber-safe Christmas and 2023.
