I’ve just arrived back in the UK having been in the Netherlands and Germany visiting some Christmas markets.  As well as nearing bankruptcy, having bought stuff that we would never buy at any other time of the year, and in any other place, it reminds me of the way that Christmas tends to open wallets like no other time of year, but that we still need to watch the pennies.  A bargain cannot be passed up.  This of course can open us up to some scams that we might otherwise not give the time of day to.

I thought I’d compile a list of 8 of the current types of scams doing the rounds, that tend to get more success at this time of year.

Phishing Scams

Always top of my list.  Criminals send emails that look genuine to make you click on a link to a fake site or open an attachment that infects your machine with malware. They will be designed to make you panic and rush your decision. THINK before clicking.

Shopping Scams

A seasonal favourite.  Love top brands with low prices? Stay vigilant for counterfeit goods. These range from poorly made clothes to dangerous electronics which fail to comply with safety laws. These are often pushed hard on web sites put up just for this purpose and taken down again soon after.  If it sounds too good to be true, it probably is.

Phone Scams

Criminals ring you to discuss a topic then ask you to press a number on your phone keypad to ‘opt out’ of a survey for example. It will generate extreme charges which the criminals will profit from. Just put the phone down.  Another is asking a simple question and wanting a Yes or No answer.  They then record you saying yes, to use your voice giving agreement to something totally different, that will cost you big money.
 

Ecard Scams

Watch for those e-cards you receive online. It could be infected with a virus that could shut down your device and you could be held to ransom to restore files. Get a good anti-malware installed that will alert you.

Fake Websites

Using the web to buy Christmas presents? Criminals set up fake websites that look identical to steal your personal details and money. Secure website addresses start with ‘https’ and display a locked padlock.  However, that doesn’t always protect you.  All a scammer must do is to buy an SSL certificate and then their website will display the padlock and begin with https.  There is no substitute for awareness and vigilance.
 

IT support scams

IT support scams could be via a phone call or email stating there is something wrong with your computer and it needs fixing. They will try to direct you to a bogus website. Companies like Microsoft will NEVER call you directly.
 

Fake Charities

Watch out for criminals using a legitimate charity’s name and appealing on their behalf, for a donation. If suspicious, ask to see their official charity ID which they’re required to carry. TRUST your instincts.  If it’s online then go to their official website and see if it matches the one you’re looking at, or check the email address/phone number if it’s an email or text you’re looking at.  Again, vigilance at all times.
 

Refund Scams

You may receive an email or text pretending to be from the Council or a well-known store promising a credit or tax refund and a link to click to claim the money back. They’ll ask for bank details. DON’T give them out.

Many of these sound very familiar and I’m sure you are going to think that you’d never fall for anything like that.  But people do, and it’s a thriving industry.  They prey on people who are busy and the scammers don’t give you time to think.  Electronic scams in the main, are just a rehash of old fashioned con tricks which use the same formula.

One major difference we are seeing though is the use of AI by scammers.  I wrote a piece back in May about AI entitled ‘AI – Good or Evil?  A Clear and Present Danger to Cyber Security?  I’ve discussed how AI could be used to generate code to be inserted into a Ransomware attack, and perhaps heralding the re-emergence of the once fabled ‘script kiddy’. Whilst there is no doubt that AI has a great potential for good with applications in just about every sphere of IT, it can allow some very nasty people, who have very limited technical ability, to introduce new and frightening scams. I also quoted a story from CNN where a lady in the US received a call allegedly from her daughter, which was very scary indeed and the ‘daughter’ was yelling and sobbing that she’d been kidnapped, and other voices could be heard in the background.  Of course, these were all generated by AI and turned out to be totally untrue, the daughter having called her mother and assured her she was safe.

Of course, this is an extreme case, but it does demonstrate the power of AI and its ability to be used by unscrupulous and nasty people.  If this is happening in the US, it’s only a matter of time before it arrives here.

Another scam, this time reported in The Washington Post, was an update on the very well reported CEO Scam, whereby someone impersonates the CEO of a company using spoofed email, but this time it’s using AI spoofing the CEOs voice, attempting to scam money from the company.  This one worked, and the company lost a lot of money.

Stay safe out there and online, be more vigilant now than you are at any other time of the year.