Phishing, payment, investment scams and other dangerous tricks are major threats during the holiday season
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, released its top five cybersecurity tips to help protect end users against a variety of dangerous scams during the 2023 holiday season.
People fall victim to holiday scams every year contributing to millions of dollars lost. The most popular holiday scams in the last year, according to the FBI, are phishing scams, which also includes voicemail-based phishing (vishing) and SMS phishing (smishing). These scams use unsolicited emails, text messages and phone calls appearing to come from legitimate companies that request personal, financial and/or login credentials. Another favorite scam of cybercriminals is non-payment and non-delivery scams. In a non-delivery scam, a buyer pays for goods or services found online, but those items are never received. Conversely, a non-payment scam involves goods or services being shipped, but the seller is never paid.
According to the FBI Internet Crime Report for 2022, although the Crime Center received 800,944 complaints, a five percent decrease from 2021, the potential total loss grew from $6.9 billion in 2021 to more than $10.2 billion in 2022.
While phishing ranked number one in complaints received, accounting for $52 million in losses, for the first time investment fraud resulted in the highest financial losses for victims at $3.3 billion. This is a staggering 127% increase from 2021.
Here is a list of the top five cybersecurity tips for the 2023 holiday season:
- Exercise caution when clicking on links or opening email attachments, especially if they come from unfamiliar or suspicious sources. Watch out for emails (phishing), text messages (smishing), phone calls (vishing), or voicemails that try to trick you into revealing personal or financial information. Always verify the legitimacy of requests before providing any sensitive information.
- Verify before you buy. When shopping online, make sure you are dealing with reputable sellers and websites. Double-check seller reviews and ratings, and be wary of deals that seem too good to be true. If possible, use a credit card or trusted payment platform that offers buyer protection, as this can provide some recourse in case of non-payment or non-delivery scams. Avoid clicking on links in emails or social media ads, rather navigate to the sites you want to buy from manually or bookmark them.
- Trust your instincts and think twice. If something feels off or too good to be true, trust your instincts. Take a step back, pause, and thoroughly scrutinize the situation or offer before making any decisions. Cybercriminals rely on rushed or impulsive actions, so take your time and think twice before sharing personal information, making purchases, or investing your money. Teach yourself to be suspicious of any messages containing a "stressor"...something that tells you to act NOW! or else negative consequences will happen. Most professional messages, even if they need you to respond quickly, rarely contain "Do it now or else" language.
- Be particularly mindful of delivery note scams this time of year – those are phishing emails or texts pretending to be a delivery company requesting more information from you. When we order things online, we expect these types of messages and are more likely to click when we should not.
- Be skeptical of unsolicited investment offers, especially those promising guaranteed high returns or quick profit. Always research and verify investment opportunities before committing any funds. Consult with a licensed financial advisor or conduct your own due diligence to ensure the legitimacy of the investment opportunity and the individuals or companies involved. In addition, it is crucial to utilize strong cybersecurity measures, like firewalls and anti-virus software, and regularly monitor your investment activities for any unusual patterns.
Bonus tip:
- Stay updated and educated. Stay informed about the latest scams and techniques used by cybercriminals. Regularly review guidance from trusted sources such as law enforcement agencies, cybersecurity organizations, or consumer protection agencies. By staying educated, you can spot red flags and be better prepared to protect yourself from scams.
“Phishing remains the number one tactic used by cybercriminals for a reason. As humans, we inherently trust requests coming from people and institutions that we know. This is generally exploited by cybercriminals through spoofing email addresses and phone numbers,” said Stu Sjouwerman, CEO, KnowBe4. “Phishing is even more prolific during the holiday season as people tend to lower their defenses. It is vital to stay alert of potential scams this time of year. Keep these tips in mind to ensure a stronger cybersecurity defense for a safe and secure holiday season.”
For more information on protecting against holiday scams, download KnowBe4’s 2023 Holiday Resource Kit: https://www.knowbe4.com/holiday-resource-kit.
About KnowBe4
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 65,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. The late Kevin Mitnick, who was an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Organizations rely on KnowBe4 to mobilize their end users as their last line of defense and trust the KnowBe4 platform to strengthen their security culture and reduce human risk.