16.12.2022

Scam-free Christmas:

8 online scams to protect your customers from

Introduction

It's that time of the year again. The season of receiving and, more importantly, giving tends to pull shoppers online to look for “best deals” and “up-for-grab” offers to purchase presents for their loved ones.

This season is particularly thrilling for online scammers as well, waiting to cash in on customers’ increased spending, all through holiday-themed scams. 2022 was a busy year for fraudsters, and they will only get more determined and creative this holiday season.

How likely are you and your customers to fall victim to these dodgy deals? As 75% of cybercrimes are online frauds, chances are high that your customers will unwittingly get caught up in such schemes.
Fraud was the most common cybercrime last year, with 2022 seeing a similar trend. 57% of these crimes involved victims making voluntary payments or having their data used to commit fraud. Another 18% were phishing websites collecting credit card or bank login details. Malware infections and reputation attacks accounted for 25%.

Our Digital Risk Protection experts exposed the attack maneuvers of these scammers, who, over the years, have been morphing their scam campaigns (situational/seasonal, click-bait, generic messaging) to capture interest.

It’s the season of giving, but don't give in to the scams

Wondering how adversely these scam campaigns can impact your business? According to the Global State of Scams Report, scams caused $55 billion in damages in 2021, which is 15.7% more than the year before. This year, the trend is expected only to rise.

The biggest recorded losses are around Christmas when customers are the most active - from the 1st of November to the 15th of January. To help you prepare for this hectic time and secure your organization, we present the 8 top trending scams that your customers can fall for, and how to prevent them:

Scam messages: beyond phishing emails

While online scams are the topmost means of exploitation, phishing is another means for scammers to get to the victims, through SMS or social media.

Scammers put up a fake front as a well-known brand or a famous identity to gain the victim's trust and distribute links with malware or links redirecting them to phishing sites.

To safeguard your business, leverage the proper security software and cybersecurity expertise (either an in-house team or outsourced) as your first line of defense.

But as they say, the best defense is a good offense: it is necessary to be aware of the active hacking groups and support the ongoing investigations. One example is the most recent (1st-31st October) eComm2022 action led by Europol and MRC, which involved 19 European countries to "clampdown on the criminal networks using stolen credit card information to order high-value goods from online shops."

Fake websites: online stores look-alike

During the mass purchasing period, chances are high that you stumble upon a fake website of an online store that can very well imitate an existing, reputed store.

Fake websites often mislead buyers with domain names similar to the original brand. By submitting personal data and credit card details on such websites, the buyer risks transferring confidential information to a third party and eventually losing money.

Therefore, it is pivotal for businesses to have the right technology in place to protect their brand and their customers by enabling suspicious websites to be reported to the European Anti-Fraud Office and your local jurisdictions, like the UK's National Cyber Security Centre, or FraudeHelpdesk.nl in the Netherlands.

As a cybersecurity service provider with globally revered Threat Hunting capabilities, Group-IB works closely with these associations as well as with INTERPOL and Europol to detect and investigate look-alike websites.

Gift card fraud: credit card alternative

The gift card scam is exceptionally inconspicuous because it makes the payment untrackable. While purchasing online, your customers/users usually have more than one choice of payment method - from credit cards and alternative payment methods, like iDeal or Klarna, to bank transfers or the so-called gift cards.

The attackers usually only ask for gift card payments. They incentivize buyers by offering a low price or a great deal, prompting the victim to fill out their gift card credentials on the phishing website.

The gift card scam impacts businesses worldwide, mostly putting well-trusted brands on the radar. Amazon, Apple, and several other companies have resources in place to educate consumers about the magnitude of gift card scams and how to avoid them.

Given that gift card sales are projected to hit $510M by 2025, educating your customers is one of the most effective means to prevent your brand from reputational damage and financial loss.

Fake social media accounts: instant messaging

Social networks are not just a way to communicate with other people; they are also a popular tool for trading goods. Of course, hackers today know this and can’t miss the opportunity to leverage it for personal gains.

How do they make it work? Cybercriminals create groups and accounts with offers to buy goods at reduced prices. To attract a larger audience, attackers impersonate celebrities and influencers. They also advertise themselves in the name of reputed stores on various social media platforms, with Instagram being one of the top ones.

Nowadays, it becomes even more challenging to protect your customers against these scams as social media accounts can be easily hacked. What's more, the verification mark can be purchased by anyone, giving a false impression of a trusted account.

Travel scam: perfect Christmas getaway

The next most popular fraudulent activity is the travel scam. This scam is on the rise around Christmas and during the summer holidays when your customers look for the best traveling offers.

Travel fraud can include selling transportation tickets (airlines, railways), hotel rentals, package deals, etc. Fraudsters create phishing sites with these services at the “best price”. As with the previous scams, attackers tend to falsely represent a well-known brand or make up a completely fictional service.

At the beginning of November, a new holiday scam was revealed, which the BBC termed "Holiday swindlers" targeting Brazilian women. Rafael Bessa attracted their victims with beautiful travel destinations via social media (mostly Facebook and Instagram) using a phishing tool and promising beautiful skiing holidays in the Alps and several other things.

The victims paid upfront, mostly in cash, losing even up to $30k. The total amount lost by the victims suing Rafael equals $183k.

Polls and surveys: vicious pop-ups

Setting up a website or a few pages on blogging services is a simple and popular technique scammers use to lure customers. This scam is slightly different than the "look-alike" sites as it involves action pop-ups.

Again, these websites often imitate a well-known brand and include a survey that, once filled/completed, promises a grand prize for passing the link further. The links mostly redirect to fraudulent or malware-induced sites.

Survey scam successes heavily rely on the passed link. To protect their customers, brands need to be able to analyze fraudulent links efficiently.

The three significant factors that make these schemes hard to detect are: how difficult the links are to detect, how difficult it is to respond promptly, and how long the scam resources are active.

Make sure you know how to investigate the links step by step and give suitable recommendations to your users.

Classified advertising: goods at deliberately low prices

Classifieds, although slowly taken over by online marketplaces, are still an alternative for buyers to find Christmas gifts at special prices. Since classified platforms/adverts do not facilitate payments, they are also a perfect place for fraudsters to find and attract victims.

Participants of the large-scale Classiscam scheme publish so-called "bait lots." These adverts are aimed at different target groups by selling goods at deliberately low prices.

The buyers interested in a bargain contact the seller through the internal chat of the service. The "seller" offers to continue the discussion about the purchase and delivery of goods in one of the popular instant messengers, allegedly for the client’s convenience.

Instead, the scammer deliberately takes the buyer to a third-party platform so that the security service can't track him down and interfere with the “deal.”

Usually, scammers do not stop there and continue to deceive. For example, they claim that the transaction can't be completed for various reasons and offer to issue a refund, during which money is repeatedly debited from the victim's card.

Loan fraud: Christmas edition

Last but not least are the Christmas loans. Loan fraud has been prevalent for decades, with scammers offering loans at very attractive rates and exploiting social media to distribute their phishing sites.

Today, scammers have become more sophisticated in creating seasonal campaigns such as Christmas loans. It starts with creating a fake website offering an instant money loan for Christmas. The deal, like any other, is too good to be true. It's fast and easy, and interest rates are low but not low enough to raise suspicions.

The victim is led through many phishing forms that collect confidential data. This data will later be used for financial fraud or sold to third parties, possibly to commit a different crime, such as money laundering.

Example of the loan scam

Steps of action to protect your brand and your customers this Christmas

  • Identify and block the infrastructure of criminal groups
  • Use an automated system supported by artificial intelligence
  • Register domain names with similar spellings to your own and monitor the digital field for brand misuse
  • Monitor for all threat vectors, not only for phishing
  • Monitor your social media accounts continuously and verify them
  • Handle user reports carefully and implement a system that can handle all security incidents covering both the company and its users
  • Monitor messages from users outside of your organization
  • Hire an external team of specialists to help you with the security of your company and your brand reputation

As the proclivity towards online shopping continues, businesses and customers also need to focus more on their security and take precautionary steps to avoid falling victim to a scam. A little awareness and knowledge can go a long way; therefore, companies need to keep their customers and internal stakeholders aware and build cyber hygiene.

A proactive approach to cybersecurity is always better than a reactive one. Therefore, adding an additional layer of protection to your security infrastructure with a digital risk protection (DRP) solution is a worthy consideration. A DRP solution can help you build a multi-faceted, agile approach to protecting your digital users, assets, and data this holiday season (and every other season) and steer clear of devious scams.

Wishing you and your customers a merry and safe Christmas!