“The most wonderful time of the year” is known for its generous sales, holiday cheer, and the notion of miracles around the corner. Unfortunately, it’s also a hot time for scammers, who steal personal data and money, precisely when everyone is having fun and letting their guard down.
At this time of year, Kaspersky experts identified cases of phishing built around the Christmas and New Year season of giving: scammers are disguising the theft of personal data and funds as holiday giveaways.
Phishing scams targeting personal accounts
Phishing sites often aim to invade users’ social media and messenger accounts under various guises and deceptions to obtain data.
In Singapore, for instance, scammers created a highly sophisticated phishing site designed to mimic the country’s Ministry of Finance branding. The scam is to make it appear credible to unsuspecting visitors while tricking users into sharing their personal information by promising payments in the celebration of the new year.
Scammers lures users to enter their Telegram account details to receive the promised payout, which enables them to gain access to their accounts, potentially leading to digital identity theft, access to private conversations, and the ability to impersonate the victim for further malicious activity.
Phishing sites mimicking banks for the New Year giveaways
Fraudsters take advantage of New Year’s Eve by creating phishing sites that invite users to participate in giveaways, leading to obtaining victims’ bank details and stealing them.
A New Year’s scam targeted Filipino citizens who were enticed to spin a wheel on a website to win money. After the spin, users were shown their winnings and asked to select between banks for deposit. Then they found themselves on phishing sites that appeared legitimately as online banking interfaces. Because of this, fraudsters can swindle users by gaining access to their banking credentials and, ultimately, their funds.
Fake New Year’s crypto gift-boxes with no Pokémon
The stakes in the cryptocurrency market are incredibly high. Scammers can profit significantly by stealing even a small bitcoin from a wallet. To achieve this, they create believable phishing emails and websites, making it harder for users to recognize fraudulent activity.
In a recent case, scammers created a fake web page that looked like the official offer of Courtyard.io. This website enables users to convert physical collectibles into tokens. Courtyard.io’s original website offered users the opportunity to register and buy a New Year’s Eve box containing a Pokémon card. The fraudsters copied this offer on their fake page. However, to receive the surprise box, visitors had to connect a crypto wallet, and as a result, the scammers stole their funds.
“Scammers are inventive and cunning. In response we need to double check all those special offers that come through from unknown emails. Luckily, we can have a reliable ally here – a comprehensive cybersecurity solution that will protect personal data and money, and prevent malicious actors from stealing our holiday”, commented Olga Svistunova, Senior Web Content analyst at Kaspersky.
To avoid scams connected to the season of giving, Kaspersky experts share some simple tips:
-
Verify the source. Before engaging with any special offer, verify the legitimacy of the source. If it’s from a known brand or organization, check their official website or social media channels to confirm the giveaway campaigns.
-
Type the URL into the address bar. Don’t open the link from the email: it could be a phishing link. Whenever there is a need to open a web site, it is always better to type its URL into the address bar avoiding any links in email.
-
Look for the red flags in the offer. Be wary of offers that seem too good to be true, like winning a large sum of money or expensive prizes with little to no effort. This is especially tricky when it comes to cryptocurrency transactions: scammers will do their best to make an offer look valid.
-
Do not share personal information. Legitimate giveaways rarely ask for sensitive personal information upfront. Be cautious of any request for details like your bank account numbers, passwords, or Social Security numbers.
Leave a comment