You Better Watch Out! 12 Insidious Christmas Scams

Bah, Humbug

Is it that time of year already? During the next few weeks, users will be rushing to buy presents, attend winter concerts, and decorate their houses for that holiday party.

Amid the frenetic holiday shuffle, it's easy to let your guard down when shopping for those last minute gifts online. But hackers are waiting with a slew of scams and tricks that will turn that stocking stuffer into a lump of coal.

With insights from McAfee Labs threat research, here are 12 Scams Of Christmas, that could make for a very unmerry holiday this year.

So you better watch out!

iPad Security Scams

Naturally, Apple's popular tablet will be widely received under the Christmas tree, or wherever, this year. And hackers will be banking on that fact (literally) by spamming bogus offers for free iPads.

In one iPad scam delivered via e-mail, McAfee Labs found that users were asked to buy additional products, as well as provide their credit card numbers, in order to receive their "free" iPad. Not surprisingly, victims never actually receive an iPad, free or otherwise.

In another scam, delivered via social networking sites, users have to take a quiz to win a free iPad, which requires them to submit their cell phone numbers to receive the results. However, while innocently taking the quiz, users are also simultaneously signing themselves up for a cell phone scam that cost them $10 a week.

"Help, I've Been Robbed" Scam

Some things never seem to die, and this scam is one of them. The tried and true help scheme sends a phony distress message to friends and family or anyone else on the victim's contact list, requesting money be transferred so they can make it safely home.

The scam takes on a new dimension with the rise of social networking. Hackers are increasingly exploiting the social networking trust factor by sending victims' help requests from spoofed profiles from their contact lists, thus adding to the credibility of their scheme. Victims are then more compelled to send money to the scammer, thinking that their friends are actually in trouble.

Security experts predict a rise in these kinds of scams during the holiday travel season.

Fake Gift Cards

Gift cards are often considered perfect gifts when you don't know what to get. And cyber crooks think so too.

Lately, cyber crooks are using social media to promote fake gift card scams, in exchange for stealing users' personal information and money, which is then sold on the black market and used for identity theft activities.

McAfee reported that a recent Facebook scam offered a free $1,000 Best Buy gift card to the first 20,000 users who signed up for a Best Buy fan page -- which, of course, was spoofed. However, in order to receive their promised gift card, users were required to provide personally identifying information and take a series of quizzes. But instead of a gift card, users likely just received a big headache from cleaning up an identity theft mess.

Bogus Holiday Job Offers

This time of year, everyone could use a little extra cash. That fact has not been lost on the hackers. Subsequently, Twitter scams have been floating around containing malicious links to sites that promote phony job offers that promise high-paying, work-at-home jobs. All users have to do is fill out a detailed application to be considered.

In reality, the phony jobs are just a hook to trick users into submitting personal and sensitive information, such as e-mail addresses, home addresses, cell phone and Social Security numbers.

In the end, users are left with an identity theft scheme to clean up, instead of a job or extra holiday cash. The tried-and-true adage applies -- if it looks too good to be true, it probably is.


Yes, that's right. Smishing -- what you get when you mix SMS texts with phishing. With the rising popularity of mobile banking, hackers are sending texts to users that appear to come from their bank or an online retailer informing them that there was an error in processing a transaction. The hackers then request that the user call in to verify account information.

Of course, these antics are a ruse to obtain valuable personal data that can later be used in identity theft schemes or sold on the cyber underground.

This kind of scam will likely increase in the coming weeks as users worry about the status of online gifts they purchased, as well as their account balances.

Sketchy Holiday Rentals

One popular holiday activity is sharing a rental cabin or hotel with friends and family. As such, hackers are expected to capitalize on users' rush to find an available space by advertising fake holiday rental sites.

While they appear legitimate in photos, these sites often ask users to submit down payments on properties with credit card numbers or wire transfers.

And instead of a holiday getaway place, users will often find themselves dealing with the aftermath of identity theft -- complete with canceled credit cards, lower credit scores and depleted bank accounts.

Word to the wise -- stick with trusted, reputable sites or agencies when booking online. It never hurts to do a little homework.

Recession Scams

While there are signs of a recovery, many users are still feeling the economic pinch of the recession, which can be especially challenging during a season of gift giving. Meanwhile, hackers are continuing to kick users while they're down by soliciting phony get-rich-quick and pay-in-advance credit schemes.

In particular, security experts have seen a spike of spam campaigns advertising prequalified, low-interest loans and credit cards ploys. All the user has to do is submit a one-time "processing fee," which goes directly to the hackers' pockets. And needless to say, users will very likely never receive that low-interest credit card for which they applied.

Malicious E-Cards

For hackers, the old stand-by E-card never fails to disappoint. The rise in E-cards, now delivered over social networks, has also opened up a new threat vector for cyber criminals to distribute malware. During attacks, users will open up a cute and fuzzy greeting card appearing to come from someone they know. In reality, the program will be dropping malicious code, such as Trojans or keyloggers, onto their computers, which enable hackers to access their victim's data and take control of the machine.

Later, users might realize what happened when their computer starts displaying pornographic messages, pummels them with pop-up ads or starts sending E-cards and spam sourced to them.

When in doubt, play it safe and refrain from opening up an E-card, even if it appears to come from a friend. Instead, call your friend to confirm he or she sent it. Or better yet, write out a greeting card the old-fashioned way -- by hand.

Low, Low Price Scams

Did we say if it looks too good to be true, it probably is? Good. Because that also applies for deals that offer "unbelievably low prices."

While many legitimate merchants and e-commerce sites hold sales during the holiday season, hackers will jump on the bandwagon by creating fake commerce sites that will attract users by undercutting competitors on price.

Cyber criminals regularly bombard e-mail and social networking inboxes with spam, embedding links or ads that bring users to auction sites and fake Web sites that hawk cheap goods and services. But these ads are typically just used as bait to lure victims into clicking malicious links, or to steal users' data when they enter credit card numbers or apply for bogus shopping accounts.

Fake Charities

The holidays are a prime time for charitable donations. But that gift-giving spirit also makes generous users a prime target for fake charity scams.

Without fail, the holidays will bring a slew of fake charity scams, requesting donations for everything from food and clothing drives to sponsoring children in developing world countries. The fake charities will solicit individuals with e-mails and phone calls, while sporting legitimate-sounding names that resemble well-known organizations.

Many users, not stopping to discern the fake from the real, will give blindly, thinking that they're helping out those in need. Subsequently, users are advised to be cautious when giving during the holiday season, and do a little fact checking to ensure that the charity of choice is on the up and up.

Dangerous Holiday Downloads

Users are sometimes more apt to let their guard down during the holidays in an effort to get in the holiday spirit -- with a Christmas download or by installing that Hanukkah-themed screen-saver.

The increase in downloads simply means more opportunities for hackers to distribute malware. Without fail, cyber criminals will look to increase their attack base by distributing holiday themed downloads via e-mail or IM, which appear to come from a friend.

However, in actuality, the malicious downloads will often install malware that can compromise a user's computer, putting a big damper on all that holiday cheer.

Hotel And Airport Wi-Fi Hacking

The busy travel season will inevitably result in more users taking advantage of wireless networks in hotels and airports, sometimes to conduct sensitive transactions such as online purchases with credit cards or accessing workplace applications.

The influx in Wi-Fi users will be a tempting target for cyber criminals, who can easily hack into open networks and access the user's online activity and access credit card numbers, and other sensitive information.

If you have to use public Wi-Fi, try to refrain from sending data that could potentially make you a target of identity theft. That's a present that pretty much everyone could do without.