McAfee spotlights the '12 scams of christmas' to keep consumers digital lives safe

1 November 2013 Information Security, Products & Solutions

McAfee has released its annual '12 Scams of Christmas' list to educate the public on the most common scams that criminals use during the holiday season to take advantage of consumers as they shop on their digital devices. Cybercriminals leverage these scams to steal personal information, earn fast cash, and spread malware.

This year, holiday shopping sales are expected to soar to an estimated $602 billion. E-commerce sales are predicted to rise 15% compared to last year’s digital sales to more than $60 billion, with m-commerce comprising 16% of this number. Consumers should ensure that they are taking all precautions to protect the data saved on their devices.

To help consumers stay alert for greedy Grinches as they surf the Web for holiday travel deals and seek out gifts for their loved ones, McAfee has identified this year’s top '12 Scams of Christmas':

* Not-so-merry mobile apps — official-looking software for holiday shopping, including those that feature celebrity or company endorsements, could be malicious, designed to steal or send out your personal data. Criminals can redirect incoming calls and messages, offering them the chance to bypass two-step authentication systems where the second step involves sending a code to a mobile device.

* Holiday mobile SMS scams — FakeInstaller tricks Android users into thinking it is a legitimate installer for an application and then quickly takes advantage of the unrestricted access to smartphones, sending SMS messages to premium rate numbers without the user’s consent.

* Hot holiday gift scams — advertisements that offer deals on must-have items, such as PS4 or Xbox One, might be too good to be true. Clever crooks will post dangerous links, phony contests on social media sites, and send phishing e-mails to entice viewers to reveal personal information or download malware onto their devices.

* Seasonal travel scams — phony travel deal links and notifications are common, as are hackers waiting to steal your identity upon arrival. When logging into an infected PC with an e-mail username and password, scammers can install keylogging spyware, keycatching hardware, and more. A hotel’s Wi-Fi may claim that you need to install software before using it and instead infect your computer with malware if you 'agree'.

* Dangerous e-seasons greetings — legitimate-looking e-cards wishing friends 'Season’s Greetings' can cause unsuspecting users to download 'Merry Malware' such as a Trojan or other virus after clicking a link or opening an attachment.

* Deceptive online games — before your kids are glued to their newly downloaded games, be wary of the games’ sources. Many sites offering full-version downloads of Grand Theft Auto, for example, are often laden with malware, and integrated social media pages can expose gamers, too.

* Shipping notifications shams — phony shipping notifications can appear to be from a mailing service alerting you to an update on your shipment, when in reality, they are scams carrying malware and other harmful software designed to infect your computer or device.

* Bogus gift cards — an easy go-to gift for the holidays, gift cards can be promoted via deceptive ads, especially on Facebook, Twitter, or other social sites, that claim to offer exclusive deals on gift cards or packages of cards and can lead consumers to purchase phony ones online.

* Holiday SMiShing — during the holidays, SMiShing is commonly seen in gift card messages, where scammers pose as banks or credit card companies asking you to confirm information for 'security purposes'. Some even include the first few digits of your credit card number in the SMS message to fool you into a false sense of safety.

* Fake charities — donating to charities is common this time of year for many looking to help the less fortunate. However, cybercriminals capitalise on this generosity, especially during natural disaster events, and set up fake charity sites and pocket the donations.

* Romance scams — with so many niche dating sites now available to Internet users, it can be difficult to know exactly who the person is behind the screen. Many messages sent from an online friend can include phishing scams, where the person accesses your personal information such as usernames, passwords, and credit card details.

* Phony e-tailers — the convenience of online shopping does not go unnoticed by cyber scrooges. With so many people planning to shop online, scammers set up phony e-commerce sites to steal your money and personal data.

To keep consumers protected and ensure a happy holiday season, McAfee has shared additional safety tips:

Review apps 

Review mobile apps carefully before downloading. Check the comments section and confirm the app’s legitimacy directly with the parties that the software claims are involved. Double-check that the 'download' button is legitimate when attempting to install new apps on your phone. Use antivirus software and learn more about FakeInstaller here.

Deals and steals

If an offer seems too good to be true, it probably is. Purchase directly from the official retailer rather than from third parties online. Do your best to verify 'low' prices on this season’s biggest sellers.

Check gift cards that you receive for suspicious misspellings in the sender’s name or the name of the card company itself. Double-check IP addresses on the sites you use for shopping and look at customer reviews to verify an e-tailer’s legitimacy.

Always check the domain name on shipping notification alerts and be cautious of any that you receive when you have not sent a package or requested them. Only download or buy games from reputable websites. Check in with retailers about the legitimacy of a deal you see advertised and talk to your children about how to spot and avoid online potential scams.

Research before sharing

Banking and credit card companies should never ask you for personal information via text message. If you receive such a message, contact your bank directly via phone, secure website, or in-person. Some other specific examples include:

* Log on to trustworthy dating sites when looking for love online and be wary about sharing personal information of any kind to websites or individuals you encounter online.

* Do background research on the charity you’d like to donate to and think before sharing any type of personal information on a website that looks suspicious.

Be cautious when travelling

Before travelling, make sure that all of your software is up-to-date and run a virus scan. If you’re asked for a username and password after clicking a link, try using a fake input on the first login attempt. The extra few seconds it takes to load confirms that the page is actually looking for valid username/password combinations; scam sites will let you right in.

If you do plan to search for deals online, use apps or open shopping related emails, make sure your entire household’s devices have protection.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Managed security solutions for organisations of all sizes
Information Security News & Events
Cyber attackers have become significantly more sophisticated and determined, targeting businesses of all sizes. PwC’s Global Digital Trust Insights Survey 2025 Africa and South Africa highlights the urgent need for organisations to implement robust cyber risk mitigation strategies.

Read more...
Data resilience at VeeamON
Technews Publishing SMART Security Solutions Infrastructure Information Security
SMART Security Solutions attended the VeeamON Tour in Johannesburg in August to learn more about data resilience and Veeam’s initiatives to enhance data protection, both on-site and in the cloud.

Read more...
Troye exposes the Entra ID backup blind spot
Information Security Infrastructure
If you trust Microsoft to protect your identity, think again. Many organisations naively believe that Microsoft’s shared responsibility model covers Microsoft Entra?ID – formerly Azure AD – but it does not.

Read more...
Secure data protection without hardware lock-in
Infrastructure Information Security News & Events
New Veeam Software Appliance empowers IT teams to achieve instant protection with Veeam’s fully preconfigured, software-only appliance, delivering enterprise-ready simplified deployment and operational efficiency, robust cyber resilience.

Read more...
Check Point launches open, vendor-neutral MDR services
Information Security News & Events Products & Solutions
New Check Point MDR 360° and MXDR 360° offerings deliver 24/7 managed continuous threat monitoring protection across endpoints, cloud and network environments with built-in identity threat detection and 160+ integrations across hybrid, multi-vendor environments.

Read more...
Credential theft surges in South Africa
NEC XON Information Security
NEC XON issues a critical cybersecurity warning about the dual threat of massive credential theft and AI-powered cyberattacks sweeping across the region, with an increasing number of incidents and evolving threat tactics.

Read more...
Want effective Attack Surface Management? Think like an attacker.
Information Security
Effective ASM requires companies to think like attackers, anticipate risks, and act decisively to reduce exposure by knowing their environment, deploying a structured approach, leveraging capable tools, and addressing both internal and external risks.

Read more...
Secure, modernise and optimise CCTV
Surveillance Products & Solutions
Industrial and commercial organisations are navigating complex digital transformation processes. With SecuVue, companies can bridge the gap between operational technology and information technology for safer, smarter operations.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
POPIA non-compliance puts municipalities at risk
Information Security Government and Parastatal (Industry)
Digital responsibility must go beyond POPIA compliance to recognising that privacy and service delivery are fundamentally linked. Despite this, only 51 out of 257 municipalities submitted their mandatory data protection and access to information reports in 2024.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.