The holidays are busy. We’re trying to get work done to have some fun, and we’re hosting family and friends. Plus, parents that have the holiday Elf tradition must remember to move the doll every night. It’s a lot, and it can make us more likely to fall for scams that can lead to data theft.

Hackers like to take the path of least resistance. Why work harder than they have to for their ill-gotten gains? Look out for these top holiday scams.

Parcel delivery scams

More people are expecting packages this time of year. Bad actors take advantage of this with what’s called a smishing scam. It’s a particular type of scam using text/SMS messaging. You get a message from a known service telling you a delivery needs rescheduling, or that there’s an outstanding fee that needs to be paid.

Recipients, who are already expecting a package, are quick to fall for the request. Clicking on the message link, they enter personal information or download malicious software.

Tip: Go to the source of the package you’re expecting and see what they’re saying about your package delivery.

Christmas hamper scams

Everyone wants to be a winner, but don’t fall for the scammer calling or emailing to say you’ve won a Christmas hamper. They’ll claim to be from a legit organization and have some of your personal information already. That helps them make it all seem genuine. Then, they’ll ask for you to provide more personal details to collect your prize or gift.

They may ask only for your full name, address, and phone number (if the request was emailed). They’ll be collecting this information for a more focused attack in the future.

Tip: Use strong passwords and be careful about what personal details you put on social media.

Fake websites

Many people shop sites that are unfamiliar to them at this time of year. Grandparents (even parents) know nothing about that latest trendy shop! Bad actors will set up fake sites offering gifts and services. They're looking to get your personal details and money.

Tip: Prefer secure website addresses starting with “https” and displaying a locked padlock.

Shopping scams

Every season has its in-demand items. Scammers take advantage of this and set up ads for amazing deals on those items. Desperate to get this year’s toy for your toddler, you might be hooked. Or they’ll ensure people click on their ads by offering ridiculous deals. If you do get the item purchased via these ads, it’s likely to be a sub-par counterfeit.

Tip: Shop with retailers you know and trust.

Bank scams

This scam operates year-round, but bad actors have an edge in the holiday season, when people spend more. Fraudsters typically call, text, or email as your bank having noticed suspicious activity. They get you feeling anxious and then urge you to take action (e.g. click a link or share personal details) to address the issue.

Tip: Remember that banks never use unsolicited calls to ask for personal details, pressure you to give information, or tell you to move your money to a safe account.

With “Googling it” now a common expression, it’s safe to say you do a lot online. To do it all you’re using a Web browser (such as Chrome, Edge, Firefox, etc.). To do it all more efficiently or effectively, you could be using browser extensions, but this article is going to warn you against doing so.

To clarify, browser extensions are code add-ons that you connect to your browser. You can use them to personalize your surfing experience, and they accomplish many different things, including:

• saving time (e.g. Scribe, Evernote, StayFocusd);
• checking your grammar (e.g. Grammarly);
• managing your passwords (e.g. Keeper, LastPass);
• securing your online activity (e.g. DuckDuckGo, Ghostery)

Even though we’ve just said they can help secure your online activity and manage your passwords, the problem is that they are also risky.

Consider the fact that we said this represents added code. Now, how much coding do you know? Most will say “not a lot.” That means you’re blindly trusting that browser extension.

If you download a malicious one, that code can wreak havoc. Suddenly, your default search engine gets changed, or you get redirected to a start page with malware on it. You might face an onslaught of pop-ups or ads. They can also track your browsing history without you knowing it.

That’s just the beginning

Many browsers today want to keep you safe from malevolent extensions. They’ll have permissions in place before allowing access. Yet you still end up giving that extension a lot of access. For example, an extension modifying google.com needs access to all your Google activity. That means your Gmail, too.

Browser extensions access everything you’re doing online. So, a malicious extension could also function as a keylogger capturing passwords or credit card details.

A browser extension can also be sold to or hijacked by a bad actor. Then, it’s easy enough for them to push out an update that turns your trusted extension into malware.

What to do about this issue

Does this mean you should do without browser extensions? There are even browser extensions out there to block other browser extensions, but abstinence from extensions is not your only solution.

Instead, we’d recommend reviewing the safety and credibility of that extension.

This means you should:

• Check to see who published the extension.
• Look at the reviews. A high number of positive reviews is a good sign. Thousands of people are unlikely to give five stars to a malicious extension.
• Pay attention to the permissions required. If an extension claims to modify only one website, check that it accesses that site only.
• Protect yourself with a good antivirus solution.

It’s also easier to stay safe by limiting the number of installed extensions you use.

If you have browser extensions that you aren’t using, uninstall them to lower exposure to potential threats.

Another way to secure your online activity? Work with our IT experts. We can check permissions and review your extensions. We will also ensure your antivirus and software are up-to-date.

Call us today at 940-282-0290.