Security Tip: 10 Tips to Avoid Holiday Scams


December 01, 2016

As the holidays approach, more and more people fall victim to identity theft and security breaches. Here are a few hints and tips provided by CyberheistNews to help keep you and your clients safe from the increase in scams this holiday season.


1.     Use strong, unique passwords

Well over 900 data breaches so far this year have exposed hundreds of millions of records! You'd better believe that information is being sold, and the more accounts you have that use the same username and password, the greater the risk of being hacked.

It is recommended to have a different password for every website, as this will protect you if a breach occurs. For example, let’s say your favorite online retailer is breached and your username (often your email address) and password are compromised. If you use the same email address or username and password at other retailers or even your bank, hackers would now know the login information to your bank, simply because the online retailer was breached.

2.     Fake apps

Before downloading any app do some research on the publisher, app creation date, and reviews to give you a good start at spotting a fake. Look for misspellings of popular apps and remember that retailers who don’t actually have an app are especially vulnerable. Better to go to the website directly and check for the official link yourself.

It is recommended to always install apps on mobile devices from Google Play or iTunes. Keep in mind, though, that even if an app is located in one of these stores, it doesn’t mean it is safe and secure. Also be sure to check the permissions required or requested by the app prior to installing.

3.     “There was a shipping problem with your order”

Smells like a scam! Other phishing emails to be wary of are fake invoices, fake refunds and any urgent email persuading you to open an attachment, click on a link, or fill out a form. Attached documents containing malicious macros are back with a vengeance, making it critical to pay very close attention to these types of emails. When in doubt, always go directly to the vendor if you think there may be a problem. 

4.     Pay close attention to the websites you visit and shop on

How did you get to this website? Via email? Maybe an ad for a killer sale? Beware of bad links in phishing emails, counterfeit copies of legitimate sites, and malvertising (yes, those can be found on legitimate sites too). Copied sites can be made to look nearly identical to the real thing. Basic red flags are bad grammar/spelling, shady contact information and unheard-of deals on expensive items. Even if the site is real, make sure it's secure: look for https with a lock.

Be very leery of amazing or unbelievable stories, advertisements, coupons, etc. posted on social networking sites such as Facebook.  Even if they are shared by your friends, they can still be traps to get you to visit a malicious website. 

5.     STOP oversharing on social media

'20 questions about me' type posts are a goldmine for criminals. Posting that information publicly makes it a lot easier to guess your password and the answers to your security questions, and makes you a bigger social engineering target.

6.     Free gift card/iPad/must-have item just for filling out a survey or form

Often these are scams looking for your personal information, which gets sold to other cybercriminals. Make sure any offers you sign up for are authentic before giving up any information.

7.     Consider using a credit card (no debit cards)

If cybercriminals get their hands on your debit card, it's very easy for them to quickly drain your bank account. You can always reverse charges on a credit card if necessary. 

8.     Keep an eye on your bank accounts and monitor your credit report regularly

Fraudulent spending often starts with small purchases (think $1-$5) that would normally go unnoticed unless you're looking at your transaction history. The sooner it's spotted, the easier it will be to get your money back.

9.     Make sure devices are up to date

Whether you’re using your laptop, smartphone or other device, having basic security measures in place will lessen your chance of being a victim, but bear in mind the rest of these tips to stay safe. Be sure to keep your computer up to date with the latest security updates by regularly updating your operating systems and the software on your devices (Microsoft Office, Adobe Reader, web browsers, etc.). 

10.   Be careful when using public Wi-Fi

Never share private information on a public Wi-Fi network, even if you think it's safe. Wireless network names are fairly easy to fake, and sensitive data like credit card details, login information, etc. can be easily intercepted. Refer to Chapter 17.8 of the Compliance Manual for specific requirements related to Wi-Fi and your investment practice.