Christmas is just a few weeks away, and Assurity Trusted Solutions Pte Ltd - a subsidiary of the Infocomm Development Authority of Singapore - has shared three common online scamming tactics for us to be wary of during this festive season:
1) Festive email phishing scams
Most of us make online purchases because they offer attractive discounts and save us the hassle of jostling with other shoppers at the malls. Cyber criminals are well aware of that, which is why your inbox tends to be flooded with unsolicited emails offering fantastic deals during the festive season.
Cyber criminals also know that you may have packages in transit from recent purchases. This gives them a great excuse to email you fake courier messages regarding lost-in-transit items. Their aim is to make you click on a link that leads you to a phishing or spoof site, where you will be tricked into entering your personal data, or on an attachment which may contain viruses or keystroke loggers which record what you type.
Assurity advises consumers to avoid clicking on suspicious links and attachments, and to always verify the source of an email. Also, if the offer seems too good to be true, it often is.
2) Phishing sites
This refers to fake sites that "phish" for your personal information, including credit card information. They may be original sites or spoof sites that look like your favourite online shopping sites.
A good cybersecurity tip is to always double-check the web address, or key in the web address yourself so that you are not led to these malicious sites. According to Assurity, common giveaways are incorrect company name, "http://" at the start of the url instead of "https://" and a missing forward slash in the url. Also, avoid websites that feature pop-up windows asking for your login credentials.
3) Fake e-cards
Be wary when opening the attachment or link to your e-card, because you might be downloading a Trojan instead. Telltale signs of bogus e-cards include spelling mistakes, unknown senders and strange URLs, said Assurity.
It also advised users to always check with the sender if he/she has indeed sent you an e-card. Additionally, be cautious of pass-it-on emails, e-cards and screensavers with generic festive greetings as these could be viruses in disguise.
Faking it online goes both ways - while you are be at the receiving end of phishing emails, you are also inadvertently be the source of these emails. This means that when your personal email account is compromised, cyber criminals may assume your identity to prey on your family and friends.
You can reduce the risk of online identity theft by activating two-factor authentication (2FA) for your private email accounts, social networking accounts as well as online storage accounts. This may entail linking your mobile phone number to the accounts so that a One-Time Password (OTP) can be sent to your phone each time you log in.
Sign up for CIO Asia eNewsletters.