“The Most Wonderful Time of the Year” is known for its bountiful sales, holiday cheer, and the notion of miracles just around the corner. Unfortunately, it’s also a hot time for phishing scammers, stealing personal data and money, precisely when everyone is having fun and letting their guard down.
At this time of year, Kaspersky experts have identified phishing cases related to the Christmas and New Year gifting period: phishing fraudsters disguise the theft of personal data and funds as Christmas gifts.
Phishing scammers targeting personal accounts
A few phishing sites aim to obtain data by infiltrating users’ personal accounts on social networks and messengers in various forms. They request information and once submitted, it is passed directly into the hands of phishing scammers.
One of those Phishing Incidents have recently been reported in Singapore. Fraudsters have created a sophisticated phishing site targeting individuals with the promise of payments in the new year, purportedly from Singapore’s Ministry of Finance.
This deceptive site was designed to imitate the department’s branding, giving it an air of credibility. To receive payment, visitors were asked to enter their Telegram account details.
Once the user enters the Telegram account details, fraudsters can then gain full access to the account, which can lead to digital identity theft, access to private conversations and the ability to pose as the victim for other malicious activities.
Phishing sites imitating banks for New Year gifts
Another phishing technique designed to trap those who believe in miracles is lottery featuring banks. With New Year’s Eve being a time of lucrative deals and giveaways, fraudsters have created phishing sites inviting users to participate in competitions aimed at obtaining victims’ banking details to steal them.
An example of The New Year scam specifically targeted Filipino citizens. In this system, individuals were lured to a website where they were encouraged to spin a wheel for a chance to win a sum of money. After the round, users were shown their supposed winnings and asked to choose between different banks where the alleged funds could be deposited.
After making their selection, users ended up on phishing sites designed to imitate legitimate online banking interfaces. This deceptive tactic was the final stage of the scam, aiming to defraud victims out of access to their banking credentials and ultimately their funds.
Fake New Year Crypto Gift Boxes Without Pokémon
The stakes in the cryptocurrency market are very high. Stealing a wallet with even a few tenths of a bitcoin already brings significant profits to scammers, so they put a lot of effort into creating credible phishing emails and sites, making it more difficult for the user to notice something wrong.
In one such case, the fraudsters created a phishing page copying the official offering of Courtyard.io, a website that allows users to convert physical collectibles into tokens. The original Courtyard.io site invited users to sign up and purchase a New Year’s Eve box containing a Pokémon card.
SO, phishing scammers created a phishing page with the same offer, however, to receive the surprise box, visitors had to connect a crypto wallet, resulting in their funds being stolen.
“Scammers are inventive and cunning. In response, we have to double-check all those special offers coming from unknown emails. Fortunately, we can have a reliable ally here: a comprehensive cybersecurity solution that will protect personal data and money, and prevent bad actors from stealing our vacations,” comments Olga SvistunovaSenior Web Content Analyst at Kaspersky.
How to avoid scams
To avoid donation season scams, Kaspersky experts share some simple tips:
Check the source. Before participating in a special offer, check the legitimacy of the source. If it’s a well-known brand or organization, check their official website or social media to confirm giveaway campaigns.
Type the URL in the address bar. Do not open the link in the email: it could be a phishing link. Whenever there is a need to open a website, it is always better to enter its URL in the address bar avoiding any links contained in an email.
Look for red flags in the offer. Be wary of offers that seem too good to be true, such as winning a large sum of money or expensive prizes with little or no effort. This is particularly tricky when it comes to cryptocurrency transactions: phishing scammers will do their best to make an offer appear valid.
Not share personal information. Legitimate giveaways rarely ask for sensitive personal information upfront. Be wary of any requests for details such as your bank account numbers, passwords, or social security numbers.
Amid the holiday cheer, it is crucial to remain vigilant against phishing scams exploiting the holiday season. From deceptive giveaways to fraudulent crypto schemes, these tactics highlight the need for increased awareness.
Simple practices like checking sources, avoiding email links, and refraining from sharing sensitive information are key to guarding against development cyber threats. A reliable cybersecurity solution is a steadfast ally, ensuring a safer digital experience not only during the holidays but all year round.