We’re finally here! It’s December! Finals are coming, but the semester is ending. For some, Thanksgiving has been celebrated and most everyone’s bank account is trying to recover from Black Friday and Cyber Monday deals. As we move into this season of searching for the best deals, figuring out how to purchase them all, waiting for packages to arrive and being very busy, let’s all remember that to cyber-criminals, scammers, phishers and the like, this season means something very different than it does to us.
To them, this is a prime hunting season for victims. Who is their favorite victim? Any of us busy, busy people who ARE expecting packages, and who ARE looking for the best deals, and who ARE more apt to accept a “too good to be true” offer on the hottest gift items. A growing tactic of phishers is to “smish” potential victims with SMS text messages about package deliveries, delivery delays or issues, awesome deals and the like. Phone numbers can easily be spoofed and there just isn’t a good way to vet an SMS text message.
One specific ploy involves a fake “delivery delay” message that purports to be from Amazon or some other online retailer. The message will mention there is a problem with your package delivery and that you need to go to the site in the included link to resolve it. The link goes to a fake site where you are asked for sensitive information – everything from name and address to credit or debit card information, all in the pursuit of “getting your package to you”. Don’t fall for these attacks. If there is a problem with your package, go directly to the online store (NOT through the link in the message) and check the status there. If you don’t see an issue on the site, check with whatever carrier is delivering your package, again by going straight to their site, not by following links, and enter your tracking number. Remember that any issue with a reputable online retailer can be handled online, at their site, and should never require you to click on a link in a text message.
Another trick used by scammers and cyber-criminals is to send emails or texts about “great deals” that you can only get by clicking on the link provided. These types of ploys have been used for years and many people fall for them every year, as they try so hard to get the best deal for a particular item. Be suspicious. Stick with known, reputable retailers you have used before, even if you have to pay a little more for an item. It is better than giving your payment card information to a scammer, resulting in YOU buying the items on THEIR wish list.
For those people who try to give back during the holidays through donations to worthy causes, be sure you are donating to who you think you are. This is another potentially successful avenue for fraud – charity scams. KnowBe4 has a great article citing Federal Trade Commission tips specifically about Giving Tuesday (I know, I know, that was on November 30th, but some people donate on other days, and this newsletter comes out on the 1st of the month…and, if I had mentioned this in the November newsletter you would have forgotten it by now, right?). They specifically mention three tips to donate safely.
- Do some research online. Search for causes you care about. Search for them in conjunction with “complaint” or “scam” to see if anything pops up. There are websites that you can use to verify your conclusions. One is Charity Navigator and another is CharityWatch.
- Be careful how you pay. Don’t send cash, wire money, or send gift cards to donate to a charity. Always pay either directly with your debit or credit card, or use a service like Apple Pay or PayPal. Again, the FTC has a great article about donating specifically through crowdfunding, social media or dedicated fundraising platforms, as some of the causes you pick may utilize these methods.
- Keep all the normal scammer and phisher tricks in mind. If you feel undue pressure to donate, or the reward for donating seems too good to be true, these are giant red flags that something is not right. Some scammers will thank you for a previous donation you never made in order to try and pressure you into donating. Be suspicious, especially if you did not initiate the conversation! Cyber-criminals know that people make end of year gifts and will be calling, texting and emailing to try and catch as many victims as possible.
Bottom line: Be even more suspicious than ever. Don’t get too busy or distracted. A tall order, I know, with everything that is going on right now.
If you’ve read this far, thank you, and please, please, fill out the cybersecurity awareness training survey you received an email about earlier this week, if you haven’t already. The button to go to that survey is in the banner at the top of this page.
Now that you have MFA enabled on your account, you should use it in the most secure way via the Microsoft Authenticator app on your smartphone. But don’t stop there! Use the Microsoft Authenticator as your second factor on any site that supports Google Authenticator. Turn MFA/2FA on everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.
If I’m not covering a topic of cybersecurity you are interested in or concerned about, please let me know. I want to be your first and best resource on cybersecurity information, so let me know how I can help and inform you.
If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT, and specifically Information Security, will be provided using these outlets. If you are not into social media, you can also subscribe to get updates via email. Just use the link available in the right-hand sidebar on the current posts page.
You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the events calendar where events will be posted.
That’s it for December, and for 2021, as far as newsletters from Information Security. Look for the next newsletter when you return in January.
Food for Thought
I went straight up silly for this one…