loader gif

CISA issues a security alert for holiday shopping and phishing scams

CISA issues a security alert for holiday shopping and phishing scams
  • The initiative has been taken anticipating the soon-to-come holiday season.
  • Scams accelerate during the holiday season as local consumers begin buying gifts and donating to charities.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has warned U.S. citizens to be wary of malicious holiday campaigns and scams. The initiative has been taken following the soon-to-come holiday season.

Holidays are the best time for scammers

Scams accelerate during the holiday season as local consumers begin buying gifts and donating charities.

Scammers perform sufficient research beforehand to launch a variety of fraud activities including credit card fraud and shipping scams.

What are the tricks?

There are a variety of approaches used by fraudsters to manipulate users:

  • Most of the holiday scams are conducted through phishing emails that create fear or a sense of urgency among victims. This tactic makes it easy for scammers to harvest personal information or steal money.
  • Sometimes a scam boils down to a skimmer device being placed on a credit card reader to steal a card’s information.
  • Other times, scammers pretend to be from charity organizations or law enforcement agencies and demand quick payments.

Additional purpose

Apart from stealing personal and financial information, bad actors also leverage holiday scams to distribute malware. A recently revealed incident included Emotet trojan operators who pushed new spam templates inviting potential victims to a neighborhood party on Halloween. While those emails promised a treat, in reality, they were used to trick the targets into installing a malicious payload.

How to stay safe?

CISA has encouraged users to remain vigilant and take the following precautions:

  • Avoid opening attachments or clicking links from unsolicited sources.
  • Use caution when shopping online. Always prefer ‘HTTPS-based URLs’ as they are safe.
  • Verify the authenticity of a charity organization before making a donation.
loader gif