10 Holiday Scams To Watch Out For

Cybercrime, scams and malicious social engineering is always a threat, but when a large company did a survey on how shoppers shop during the holiday, 70% stated they would spend considerable time on the Internet researching purchases before the holidays. With the increase time and purchases on the Internet, there will inherently be an increase in the scams and crimes committed online.

I thought it would be a good idea to talk about the ten holiday scams you will want to watch out for during this holiday season and how you can protect against them.

1.   Fake Gift Card Scams:  Malicious scammers and shady websites often offer what appear to be legitimate gift cards. An example of one that was recently used on Facebook (fig 01) drove people to a site that required them to enter all sorts of personal details. This information is often sold to marketers or even worse, used by identity thieves to steal your identities as well as financial information.

2. Suspicious Holiday Rentals: Many holiday travelers wait to the last minute to book hotels, cabins or little get-a-ways. Many criminals will use this lack of planning to steal money. They will post fake rental ads that seem very tempting and then ask for either cash or wire transfers as down payments. Of course, the money is lost and the travelers are gravely disappointed.

3.  Recession Scams: With many people suffering from the poor economy and now being put under pressure to still buy gifts for the holidays, there are many scams that offer low interest or interest free loans. Others target people through email to offer prequalified credit cards or other methods of obtaining money to spend during the holidays. The problem is, there is no money; only loss. Many of these offers should be researched heavily to ensure that they are not scams, but real offers.

4. To-Good-To-Be-True Scam: While many feel the pressure to provide good gifts, scammers will use auction sites as well as fake websites to make offers that are way too good to be true. The victims pay and receive nothing in return. Of course, a shopper should not fall for the "price is too good to be true scams" and only buy from reputable websites and auction houses as well as purchasing from high ranking sellers on those sites.

5.  A time for giving: Holidays are times when people are in a very giving spirit. From guys ringing the bells as you enter Walmart to phone calls, many people are interested in helping those in need. This is an avenue that many scammers will use. Fake websites, spam email and solicitation phone calls are all used to get information from victims that can be talked into giving out personal information and even worse, financial information. Be sure that the charity you are about to donate to is legitimate and the person you are speaking to is the real deal. For example, if you get a call from a local children's fund, you can tell them you are not able to talk right now. Then you can get the number to their local office, call them and make your donation that way. This will ensure you are donating to the right cause.

6. "I've been robbed" scams.: This is a more malicious and evil scam that has been on the rise lately.  Scammers do a little bit of research and find out the name of an elderly couple’s son or daughter then grab an email with that name, i.e. ChrisHadnagy1234@yahoo.com., Then they send their "parents" an email stating they have been a victim of a robbery and need to be bailed out. The unsuspecting parents wire some money and are victims of this terrible scam. I know we are a very digital society, but I guess to me, it is amazing this one is on the rise. Pick up the phone!! Confirm your kid is in trouble before you go sending your life savings.

7. Dangerous Wifi Scams: Many people take time off of work and travel a lot for the holidays.  While traveling, you may want to connect to the Internet to check email, send a message, etc. Many scammers will increase the proliferation of fake and malicious Wifi spots. Using free tools like Metasploit and Karma, attackers can give you a working Internet connection and when you connect, it will harvest your information, credentials and maybe even your financial information.

8. Dangerous Downloads: Closely linked with many of the others is the increase in holiday screensavers or cute little animations that are anything but fun and cute. Instead. they are viruses, trojans or other malicious pieces of software. Of course, the protection for this one is easy... don't download and execute programs from any untrusted source.

9. Increases in phishing and now smishing scams: Yep, you read right,now the new phrase smishing, where scammers are using SMS messages to draw people to give funds or information to malicious sources. Spam and email are used heavily by scammers; 79% of all email in the US is spam, but the nation is only Number 7 in the spam league. Britain comes in top with 94%, then China (90%), Hong Kong (89%), Australia (88%), Japan (86%), and Germany (83%). The Netherlands is 8th (78%) followed by Canada (77%). 

10. The infamous free iPad: It is no doubt the iPad has taken the world by storm and who wouldn't want a free iPad? Well that is just what many banners and sites are offering. This particular scam became so prevalent thatFacebook banned free iPad offers.  There is no such thing as a "free iPad". Even legitimate offers require the person to complete some other offers to get their "gift". 

Thieves and scammers want to go where there is a larger chance for success. The holidays afford them many opportunities to succeed. With a little bit of forethought and some planning, you can remain safe during this time of the year as well as all year long. As a side note, you can do a few other things to remain safe.

  • Try to use credit cards instead of bank cards.  Credit cards will offer you more protection from theft and scams and keep your hard earned money safer.
  • Keep a regular eye on bank statements.  Don't let small charges you might think you "forgot" slide.  Check into them and make sure that you are not a victim.
  • If you get a call from a "company", do not give them any information until you can call them back on a publicly listed number.
  • Watch what you put in the dumpster.  Credit card statements and un-shredded bills or receipts can be a great source of information for criminals.
  • Be careful what you say over cell phones in public.  I have literally seen people paying for gifts with credit cards in public places.. scary.

Again, with a little work and some forethought, remaining safe can be an easier task. Stay safe keep observant. Till next month.

Written by Christopher Hadnagy

What is the role you play in your family?

What is the role you see yourself playing in your family? This is a question that is often times asked by family counselors and with good reason. The way people act and the way people respond to you is often times based off of the perceived role you play.

This “role” we are talking about is defined by Wikipedia as “A set of connected behaviors, rights and obligations as conceptualized by actors in a social situation. It is an expected or free or continuously changing behavior and may have a given individual social status or social position. It is vital to both functionalist and interactions understandings of society.” I started thinking about this the other day when I heard a clip from an old interview with Marlon Brando.

If you go about six minutes into that clip, Brando says:
We couldn't survive a second if we weren't able to act. Acting is a survival mechanism. It's a social unguent and it's a lubricant. We act to save our lives, actually, every day. People lie constantly every day by not saying something that they think, or saying something that they didn't think. Or showing something that they don’t feel … If you are working for an ad agency, and you hate the guy, the idea man, the boss, and you know that every time he comes in with some impossible notion, something that really makes you gag when you drive home on the freeway, you know damn well that you are not going to get a raise, to move to a different position if you don’t say “Leonard, I think that is terrific. It’s just beautiful” And you even lean forward and put your elbows on your knees to show enthusiasm and you get a face for it, and you do it day after day after day to just survive at your job.

I thought that articulated, very succinctly, the situation that we deal with as social engineers constantly. Putting yourself into a new role, one that is unfamiliar to you, and wearing it as a second skin is an action that most people have never done. It becomes very uncomfortable for many people to do this, as we often don’t like to tell others what to think about us.
Most people tend to let people around them define their roles for them.

You can see this with children many times, when adults, parents or teachers, primarily, place kids into “buckets”. The class clown, the troublemaker, the smart kid, the loser, the suck-up, and so on. Once the adult starts to look at the child in this manner, it affects the way they treat them. And in the end, affects the child’s behavior as they start to fill out the role that has been chosen for them.

Picking the right role in a social engineering engagement is typically straightforward. You examine the situation, find the right pretext, and identify the role that is going to best support that pretext. Wearing that role; however, is a different matter all together. Convincingly placing yourself into that role and having others believe that it is authentic can feel overwhelming. You may be thinking, “This is not me, they are going to see right through me, there is no way this is going to work”.

How to change your roles
When you find yourself in this situation, the most important aspect is to just relax. Remember that when you are dealing with people that don’t know you. It seems basic, but this is something many people forget.

When you meet a stranger, you tell them who you are. They are waiting for it; they are asking for it; the only way they won’t believe it, is if you don’t sell it right.

When you are placing yourself into a role, consider the external items first, like:
• How would someone in this role dress?
• What would the body language be?
• How would they carry themselves?
• Where would their eyes be?
• How clean would they be?
• How would they wear their hair?
• Would they have any props? A cup of coffee in their hand, a hat on their head, something else?

Before anything else, work on this aspect of the role, as this will make everything else feel more natural to you.

From there, start working your way inward:
• How would someone in this role talk?
• What sort of words would they use?
• Would they be hurried or not?
• How much self confidence would they have?
• Would they be good listeners or interrupt people a lot?
• How often would they finish someone else sentences?

Get this figured out and in your head, and then start to wear it. Combine it with the external measures and see how well they merge.

Wearing Your New Role
After you have this role constructed, the important part is to try to put it on. Try to wear it with others and get comfortable with that process. If you ever find you have problems with that, there are a few exercises you can try.

Construct a role, consisting of both the external and internal aspects. One I suggest is a buyer for a large retail establishment. Then, try three different combinations.

First, take both the external and internal aspects of the role and go to the store. Start looking around and after a while, strike up a conversation with an employee. Explain to them that you are a buyer for whatever product you are looking for, but you are from out of town. You are looking to gain information about this product in this market, as you are not familiar with the region at all. Try to get information from them about items such as sell through, prices, return rates, and so on. Never claim to be an employee of the business you are in. See how the situation plays out.

Then after that, try it again at a different store except with only the internal aspects of the role. See how much of a change in the type of interaction there is when you are missing that aspect of it. Then try at yet another business with only the external aspects of the role and see how that plays out.

Finally, after that is over, one last time, put on the role with both the internal and external aspects active. This should reinforce to you the importance of having both the internal and external aspects of a role in sync with each other.

Try this sort of experiment as much as you like. As often as you need to gain comfort in operating in a role different than what you are used too.

Anytime you go to interact with someone that you have never had contact with before is an opportunity to try this out. But just remember, never put yourself in a situation where you could potentially get in trouble or cause other negative ramifications later on.

Take confidence in Brando’s words. This is something we all do everyday anyways, all you have to do is put it to work for you. This is an important and often used skill for social engineers, and taking the time to get it right is time well spent. Just “knowing” what to do is not the same as experiencing success and failure in real world situations, so this sort of practical in the field experience is important to go through. 

Written by James O'Gorman