How to Avoid Online Scams

Protect yourself and your loved ones this Easter
Sarah Morrison
April 6, 2023

The Easter long weekend starts tomorrow and it’s one of my favourite holidays. Not because of the chocolate, though I REALLY love chocolate, but because traditionally on Good Friday we have always made ravioli with my family. Ravioli you ask? Growing up with a religious father, we didn’t eat meat on Good Friday, so instead somehow we ended up making ricotta-filled ravioli. We made it as a family, and that tradition has moved on to my kids and husband, though I have taken it a step further and now I make the ricotta from scratch as well (of course she does, you say!). I’ll post some pictures tomorrow night when we are all consuming 20kgs of freshly made ravioli 😁

But Easter is not just a time for fun with family. Like all holidays, it has now become a time to be wary of internet scams. It is horrible to think of the bad when family, chocolate and a long weekend are looming. When big emotions are involved, such as joy, happiness and generosity around the holiday season, threat actors are the most active with a multitude of different scams. Even when the big emotions are sadness, fear and pain, threat actors will take this as an opportunity to prey on people, as seen during natural disasters, COVID and the current Ukraine conflict. There is no limit to how low threat actors will go.

So, this holiday season, be vigilant and keep an eye out for the following types of scams. At the end of the article, I have also written 10 steps to take to defend yourself and your loved ones against these types of scams. Please share this article with friends and family so they can also stay safe this Easter.

Types of Holiday Scams

Below we have the 6 most common online scams seen during the holiday season. The scams and the way they work don’t change from holiday to holiday, just the content. As we come into Easter, each of these scams will have some type of Easter focus, whether it be religious, about the Easter bunny and chocolate, or some other component of the Easter long weekend and holiday time. A perfect example is the recent Cadbury’s Easter Egg Hunt scam, where unsuspecting users are promised the chance to win £1,000 worth of Cadbury products if they answer a few short questions and share the promotion with their contacts. This is another tactic threat actors use: leveraging victims to share the scam with family and friends, so the scam comes from a trusted source and is less likely to be identified for what it really is, a scam!

Fake charity scams

Holiday seasons are generally a time of giving, especially to those in need, but threat actors use these times to prey on the generosity of people by running fake charity scams.

A fake charity scam is a type of online scam where threat actors will create a fake charitable organisation or appeal for donations to a legitimate charity. Their intention is to trick people into donating money or providing personal information. The scammers generally use emotional language or fake stories to elicit sympathy and encourage people to give money, but the donations never actually go towards any charitable cause. Instead, the scammers keep the money for themselves or use it for other illegal activities.

Gift card scams

Gift card scams are another type of online scam where threat actors offer gift cards at discounted rates or as prizes in exchange for personal information or payment. The problem is, the gift cards turn out to be fake or they have already been used. When the victim tries to redeem the gift card, it has no value and the scammer has absconded with your money or personal information.

Scammers often request personal information before they will provide a free gift card, such as a name, address, and credit card details. They then use this information for identity theft or other fraudulent activities and the victim never receives a gift card.

Fake survey scams

Another online scam is the fake survey scam, where threat actors create fake surveys. These surveys offer prizes or rewards for participating, but trick people into providing personal information or clicking on malicious links.

These scams can take many different forms, such as emails, pop-ups, or social media posts, and may use convincing branding or logos to make them appear legitimate. Victims may be asked to provide personal information, such as their name, address, or credit card details, so they can participate in the survey or claim the promised reward.

In some cases, the survey may be used as a pretext to deliver malware or phishing attacks, with the victim being directed to a website that contains malicious code or asked to download a file or program that infects their device. Once the victim’s device is infected, the scammers may use it for further fraudulent activities, such as stealing passwords or personal information.

These types of surveys can also elicit personal information that can be used for obtaining access to the victim’s accounts. A lot of password reset functions on websites ask for answers to “security questions” that are often basic pieces of personal information about the person, such as favourite colour or your pet’s name. The perfect information to elicit from a harmless-looking survey!

Social media scams

A social media scam uses social media platforms like Facebook, Twitter, or Instagram to trick people into providing personal information, sending money, or clicking on malicious links.

These scams can take many different forms and often rely on social engineering techniques, such as emotional appeals or urgent messages, to persuade people to take action. These types of scams often use compromised social media accounts of your family, friends or colleagues to make the scam seem more legitimate and the message trustworthy.

Victims of social media scams may be asked to provide personal information or send money to claim a prize or participate in a promotion. You may also be directed to websites or apps that contain malware or other malicious code, which can infect your device and compromise your security and privacy.

Travel scams

A travel scam is where the threat actor offers fake travel deals or packages, often at discounted rates, to trick people into providing personal information or making payments. These are common prior to or during the holiday season when people have time off from work and are looking for places to stay or travel to.

These scams can take the form of fake airline tickets or hotel booking websites, fake travel agents or tour operators, or fake vacation rental listings. They often rely on social engineering techniques, such as urgency (“deal ends today!”) or scarcity (“only one apartment left!”), to persuade people to act quickly without thinking or taking precautions.

Victims of travel scams are usually asked to provide personal and credit card information to make a booking or claim a discount. They may also be asked to make payments through unsecured channels, such as wire transfers or prepaid debit cards, which can be difficult to trace or recover if something goes wrong. In most cases, the threat actor disappears with the victim’s money, leaving them without a booking or any way to get their money back.

Phishing and Smishing scams

Phishing is where a threat actor sends a fraudulent message via email to trick the recipient into revealing sensitive information or clicking on a malicious link. Smishing uses the same technique, but is sent via SMS rather than email.

These types of scams can take many forms and will generally be the delivery method for other holiday season scams, such as fake surveys, gift cards, and charity scams.

How to protect yourself from online scams

To protect yourself this Easter long weekend, be sure to follow these 10 simple steps. These cybersecurity basics are good practices to follow online and will protect you against far more than seasonal online scams.

  1. Be sceptical of unsolicited messages and offers: If you receive an email or message from someone you don’t know or a company you didn’t sign up to receive messages from, be sceptical of any offers or requests they make.
  2. Double-check the sender’s information: Check the sender’s email address or phone number to ensure it is legitimate and avoid clicking on links or downloading attachments from unknown sources. Most legitimate companies with a competition, discounts or other benefits have a webpage dedicated to the promotion. Instead of clicking the link, manually visit the company’s website and see if the offer is available on their site. You should then undertake the promotion using this webpage.
  3. Use strong passwords and multi-factor authentication: Protect your accounts with strong and unique passwords, and use two-factor authentication when possible, to add an extra layer of security. Don’t reuse the same password across accounts. Use a password manager, like 1Password or similar, that you can use to create strong passwords and save them. They can also be used for multi-factor authentication. One of the most important things you can do is turn on two-factor or multi-factor authentication on your social media and online accounts.
  4. Use reputable anti-malware software: Install anti-malware/endpoint protection software on your devices and keep it up to date to protect your computer or device from malware.
  5. Only shop on secure websites: Look for the padlock icon and “https” in the address bar of the website to ensure it’s a secure connection before making a purchase. When paying online, it’s far better to use a company like PayPal than to use your credit card directly on dozens of sites. PayPal makes it easy to resolve unauthorised transactions and also has added non-security related benefits like buyer protection when you have issues with an order or goods you received. Don’t forget to turn on MFA for your PayPal account for that extra layer of security!
  6. Don’t provide personal information: Avoid giving out personal information like your birthdate, driver’s license, passport, TFN or bank account information unless it’s absolutely necessary.
  7. Research charities before donating: Check the legitimacy of a charity before donating by manually finding the charity online, reviewing their website, and looking for reviews and ratings from independent sources.
  8. Be cautious of free offers: Like anywhere in life, if something seems too good to be true, it probably is. Be cautious of free offers and giveaways, especially if they require personal information or payment. Remember, if you are not paying for the product, you are the product!
  9. Keep your software up to date: Keep your operating system and software up to date with the latest security patches to prevent vulnerabilities that can be exploited by scammers and other threat actors. Do not keep on clicking ‘update later’. Update now!
  10. Educate yourself and others: Stay informed about the latest scams and share your knowledge with family and friends to help them stay safe online.

If you follow these 10 steps this Easter, you are well on your way to having a great security posture online and reducing the risk you will fall for one of the many online scams.

From all of us at Morrisec, have a fun and safe Easter!

Download the PDF Now

Download our reference PDF summarising the main online scams and how to defend against them. Pass it to your friends, family and colleagues so we can all stay safe online!

Sarah Morrison

Sarah is the Co-CEO of Morrisec. With over 20 years in cybersecurity and a PhD in Russian information operations, Sarah has a deep understanding of threat actors and their tactics and motivations, making her highly equipped to assist organisations in their defence against them.
