by Robert Siciliano

The 12 Scams of Christmas and Other Attacks

Dec 22, 2010

Identity Thieves and Cybercriminals Take Advantage of the Holiday Season, Aiming to Steal Consumers’ Money, Identities and Financial Information. As cybercriminals begin to take advantage of the holiday season, be cautious.

Scam I: Charity Phishing Scams

Hackers take advantage of citizens’ generosity by sending e-mails that appear to be from legitimate charitable organizations.

Scam II: Fake Invoices from Delivery Services

Cybercriminals often send fake invoices and delivery notifications appearing to be from Fed Ex, UPS or the U.S. Customs Service.

Scam III: Social Networking Scams

Cybercriminals send authentic-looking “New Friend Request” e-mails from social networking sites.

Scam IV: Fake Holiday E-Cards

Cyber thieves cash in on consumers who send holiday e-cards in an effort to be environmentally conscious. Worms mask as Hallmark e-cards and more.

Scam V: “Luxury” Holiday Jewelry

Scam campaign that leads shoppers to malware-ridden sites offering “discounted” luxury gifts from brand names.

Scam VI: Practice Safe Holiday Shopping – Online Identity Theft on the Rise

Researchers predict online holiday sales will increase this year, as more bargain hunters turn to the Web for deals. While this is the season for giving, don’t give away your identity. Cybercrooks promote fake gift card offers and other schemes with the goal of stealing consumers’ money and information, which is then sold to marketers or used for ID thefts.

Scam VII: Risky Holiday Searches

Hackers create fraudulent holiday-related websites for people searching for a holiday ringtone or wallpaper, Christmas carol lyrics or a festive screensaver.

Scam VIII: Job-Related E-mail Scams

Scammers are preying on desperate job-seekers with the promise of high-paying jobs and work-from-home moneymaking opportunities.

Scam IX: Auction Site Fraud

Buyers should beware of auction deals that appear too good to be true, because often times these purchases never reach their new owner.

Scam X: Password Stealing Scams

Thieves use low-cost tools to uncover a person’s password and send out malware to record keystrokes, called keylogging.

Scam XI: E-Mail Banking Scams

Cybercriminals trick consumers into divulging their bank details by sending official-looking e-mails from financial institutions.

Scam XII: Ransomware Scams

Hackers gain control of people’s computers then act as virtual kidnappers to hijack computer files and encrypt them, making them unreadable and inaccessible.

Protect yourself:

1. Never Click on Links in E-Mails: Go directly to a company or charity’s website by typing in the address or using a search engine.

2. Use Updated Security Software: Protect your computer from malware, spyware, viruses and other threats with updated security suites.

3. Shop and Bank on Secure Networks: Only check bank accounts or shop online on secure networks at home or work, wired or wireless. Wi-Fi networks should always be password-protected.

4. Use Different Passwords: Never use the same passwords for multiple online accounts. Diversify passwords and use a complex combination of letters, numbers and symbols.

5. Use Common Sense: If you are ever in doubt that an offer or product is not legitimate, do not click on it.

6. Get Identity Theft Protection: McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss how a person becomes an identity theft victim on (Disclosures)