Smart SpendingSmart Spending

The 12 scams of Christmas

Cybercriminals are gearing up to take advantage of the holiday season.

By Karen Datko Nov 24, 2009 1:24PM

This post comes from James Limbach at partner site


As cybercriminals begin to take advantage of the holiday season, McAfee Inc. is warning consumers about the "12 Scams of Christmas" -- the 12 most dangerous online scams that computer users should be cautious of.


According to Consumer Reports’ 2009 State of the Net Survey, cybercriminals have bilked $8 billion from consumers in the past two years.

"Cybercriminals use their best schemes during the holidays to steal people's money, credit card information, Social Security number and identity," said Jeff Green, senior vice president of McAfee Labs. "These thieves follow seasonal trends and create holiday-related Web sites, scams and other convincing e-mails that can trick even the most cautious users."


The 12 Scams of Christmas are:

  • Charity phishing scams. During the holiday season, hackers take advantage of people’s generosity by sending e-mails that appear to be from legitimate charitable organizations. In reality, they are fake Web sites designed to steal donations, credit card information and the identities of donors.
  • Fake invoices from delivery services. During the holidays, cybercriminals often send fake invoices and delivery notifications appearing to be from FedEx, UPS or the U.S. Customs Service. They e-mail consumers asking for credit card details to allegedly credit accounts, or require users to open an online invoice or Customs form to receive the package. Once completed, the person's information is stolen or malware is automatically installed on their computer.
  • Cybercriminal "wants to be your friend." Cybercriminals take advantage of this social time of the year by sending authentic-looking "new friend request" e-mails from social-networking sites. Internet users should beware that clicking on links in these e-mails can automatically install malware on computers and steal personal information.
  • The dangers of holiday e-cards. Cyber thieves cash in on consumers who send holiday e-cards in an effort to be environmentally conscious. Last holiday season, McAfee Labs discovered a worm masked as Hallmark e-cards and McDonald's and Coca-Cola holiday promotions. Holiday-themed PowerPoint e-mail attachments are also popular among cybercriminals. Be careful what you click on.
  • "Luxury" holiday jewelry can come at a high price. McAfee Labs recently uncovered a new holiday campaign that leads shoppers to malware-ridden sites offering "discounted" luxury gifts from Cartier, Gucci and TAG Heuer. Cybercriminals even use fraudulent logos of the Better Business Bureau to trick shoppers into buying products they never receive.
  • Online identity theft in open networks. Forrester Research Inc. predicts online holiday sales will increase this year, as more bargain hunters turn to the Web for deals. While users shop and surf on open hotspots, hackers can spy on their activity in an attempt to steal their personal information. McAfee tells users never to shop online from a public computer or on an open Wi-Fi network.
  • Christmas carol lyrics can be dangerous. During the holidays, hackers create fraudulent holiday-related Web sites for people searching for a holiday ringtone or wallpaper, Christmas carol lyrics or a festive screensaver. Downloading holiday-themed files may infect a computer with spyware, adware or other malware. McAfee found one Christmas carol download site that led searchers to adware, spyware and other potentially unwanted programs.
  • Job-related e-mail scams. The U.S. unemployment rate recently spiked to 10.2%, the highest level since 1983. Scammers are preying on desperate job-seekers in the poor economy, with the promise of high-paying jobs and work-from-home moneymaking opportunities. Once those interested submit their information and pay their "setup" fee, criminals steal their money instead of following through on the promised employment opportunity.
  • Auction site fraud. Scammers often lurk on auction sites during the holiday season. Buyers should beware of auction deals that appear too good to be true, because oftentimes these purchases never reach their new owner.
  • Password stealing scams. Password theft is rampant during the holidays, as thieves use low-cost tools to uncover a person's password and send out malware to record keystrokes, called keylogging. Once criminals have access to one or more passwords, they can gain access to a consumer's bank and credit card details and clean out accounts within minutes. They also commonly send out spam from a user's account to their contacts.
  • E-mail banking scams. Cybercriminals trick consumers into divulging their bank details by sending official-looking e-mails from financial institutions. They ask users to confirm their account information, including a user name and password, with a warning that their account will become invalid if they do not comply. Then they often sell this information through an underground online black market. McAfee Labs believes cybercriminals are more actively scamming consumers with this tactic during the holidays because people are monitoring their purchases closely.
  • Your files for ransom. Hackers gain control of people's computers through several of these holiday scams. They then act as virtual kidnappers to hijack computer files and encrypt them, making them unreadable and inaccessible. The scammer holds the user's files ransom by demanding payment in exchange for getting them back.

McAfee advises Internet users to follow these five tips to protect their computers and personal information:

  • Never click on links in e-mails. Go directly to a company or charity's Web site by typing in the address or using a search engine.
  • Use updated security software. Protect your computer from malware, spyware, viruses and other threats with updated security suites.
  • Shop and bank on secure networks. Check bank accounts or shop online only on secure networks at home or work, wired or wireless. Wi-Fi networks should always be password-protected so hackers cannot gain access to them and spy on online activity. Also, remember to shop only on Web sites that begin with https://, instead of http://.
  • Use different passwords. Never use the same password for several online accounts. Diversify passwords and use a complex combination of letters, numbers and symbols.
  • Use common sense. If you are ever in doubt that an offer or product is legitimate, do not click on it. Cybercriminals are behind many of the seemingly "good" deals on the Web, so exercise caution when searching and buying.


Related reading at

Please help us to maintain a healthy and vibrant community by reporting any illegal or inappropriate behavior. If you believe a message violates theCode of Conductplease use this form to notify the moderators. They will investigate your report and take appropriate action. If necessary, they report all illegal activity to the proper authorities.
100 character limit
Are you sure you want to delete this comment?


Copyright © 2014 Microsoft. All rights reserved.

Fundamental company data and historical chart data provided by Morningstar Inc. Real-time index quotes and delayed quotes supplied by Morningstar Inc. Quotes delayed by up to 15 minutes, except where indicated otherwise. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by Morningstar Inc.


Smart Spending brings you the best money-saving tips from MSN Money and the rest of the Web. Join the conversation on Facebook and follow us on Twitter.