Whatever they offer you, don’t feed the plants.
This next month and a half is a very busy time for those of us shopping for gifts. It’s also an increasingly busy season for hackers. What better time to slip in traps then when we are spending a lot of money and are put off guard by the stresses of the season? Please be extra vigilant against hackers trying to steal your credentials, accounts, identity, and money. This article includes several suggestions to keep you safe so you can enjoy the holidays.
Enjoy the season, but remember that the hacker’s don’t take off during this busy time.
The following suggestions will help keep you safe during the upcoming holiday season.
Message about an item you never ordered
For this scam, you receive an email indicating that an item has been purchased on your account. The email contains details about the item and indicates that you only need to contact them in case this item was ordered by mistake. The hacker is trying to scare you into thinking that doing nothing will result in the order going through, when, in fact, the hacker needs you to contact them in order to cause you damage. If you were to call the provided number or reply, they may request your bank/Credit card information to “cancel the order and refund your money”.
Just delete the email. If you are concerned, open a browser and type the merchant’s URL in manually, log into your account and check your purchase history.
Fake delivery notification
Delivery notices are an easy avenue of attack because you may legitimately receive delivery notices which you are not expecting, say for gifts from someone else.
More information about this scam is available in our previous InfoLine Article: That package delivery email may be fake
Due to the problems with the US Postal service, many are now sending Holiday e-cards to share their good wishes. The problem is that most of us won’t recognize the names of legitimate e-card companies, putting you in danger of clicking on a link in an un-requested email from an un-known website (two red flags).
- If the e-card email does not contain the name of the sender and instead states “From a friend” or some-such. Delete it. Legitimate e-card companies are well aware of the potential for fraud and give you every chance of trusting the link.
- Send an email to the indicated sender and ask if they sent the e-card. Yes, you may find this tacky, but it’s better to be tacky safe than tastefully hacked.
- If you are sending out e-cards, you may consider sending out an email to your recipients first, letting them know that an e-card will be arriving from the specified e-card company.
Password reset emails
This is not specific to the holiday season, but since it is so prolific and so dangerous, it bears mentioning. If you get an email regarding a problem with one of your accounts, don’t follow a link to reset the password. This is a common way for hackers to direct you to a fake site and steal your credentials when you enter them
If you think it is a legitimate request, open a new browser, and type the address of the account site manually. Then log into your account. If the issue with your account is legitimate, the legitimate site will prompt you to resolve it.
Fake gift-giving ideas website
You may search the internet for gift-giving ideas. If so, please be careful about the many fly-by-night websites offering “Best gifts this year”, and “Discounted gifts” and “Coupon codes”. These sites typically have links to the merchant sites where you can purchase the gifts. Are these links real?
Be wary of unknown websites, and especially any links you find in them.
Monitor your Bank & Credit Account activity
This is a good time of year to check your bank and credit card activity to look for unknown transactions.
If your bank allows you to, turn on alerts about unusual activity.
What does “Don’t feed the plants” mean?
It’s a reference to the 1960 “B” rated horror movie “Little Shop of Horrors” and it’s subsequent musical adaptation. Little Shop of Horrors
Consider reaching out to family members to keep them safe
You can forward a link to this article, or just send them an email with some of the ideas listed. Feel free to plagiarize. What’s most important is to get these warnings out.
If you have questions about this, please let us know and we will be happy to assist you.