The 12 Cons of Christmas

By Carl Weiss

You may have heard of the 12 Days of Christmas, but what you probably haven't heard about are the 12 Cons of Christmas. In their efforts to "liven up" the holidays, cybercriminals this year are going to act like the Grinch in their efforts to ruin your holiday spirit. So in this season of giving I thought it only appropriate to give all of our loyal readers the lowdown on the top 12 cyberscams that you can expect to see this yule.

On the First Day of Christmas my true love said to me, you won’t believe what I found under the tree.

Santa has nothing to do with the multitude of offers you will find online this shopping season that are too good to be true. A recent blog on Democrat and Chronicle quoted attorney Eric Schneiderman as saying,
“As the holiday shopping season kicks off and more consumers plan to shop online, there are simple steps you can take to avoid scams and protect your personal data. Consumers should know how to spot fake websites and deals that are too good to be true.” Schneiderman warned that when shopping online, consumers should only use secure Internet connections and only process online payments on web pages that are HTTPS verified to protect themselves against fraudulent companies.
This is good advice. But the first warning sign of an impending cybercon should be prices for merchandise way below retail or wholesale value. You also need to make doubly sure that the website you thought you were clicking onto is indeed the one you arrived at. Cybercriminals are amazingly good at creating knockoff websites that look just like the real deal. The only difference would be a subtle spelling difference in the URL. So be warned and be safe.

On the Second Day of Christmas my true love said to me, look what I won honey!
A variation of the offers-too-good-to-be-true would have to be contests that notify you that “You Have Won!”  First of all if you are unfamiliar with said “contest” do not accept the email, much less click on the link.  If you do go there odds are you are going to be asked for additional personal information “needed” to send you your prize, or you might even be asked for a credit card number to “cover shipping.”  They don’t call them Con Tests for nothing folks.  Give the Grinch the boot.

“Consumers should be suspicious of any email, messages, or posts on social networks promoting giveaways or contests that seem too good to be true, e.g., free high-value gift cards, tablets, and smartphones. These “contests” are often scams designed to bilk consumers out of money and/or to collect consumers’ personal information for resale. Genuine sweepstakes and contests are commonplace on the Internet; however, you should avoid any contest or promotion that requires you to pay money or to perform any sort of financial transaction. Also, think twice before participating in promotions that require entrants to register with multiple third-party websites; often these are ploys to build marketing lists. Promotions that require users to provide more than simple contact information may even be phony or run by scammers who resell consumer information to collect referral fees!”

On the Third Day of Christmas my true love said to me, let’s help this charity!
While giving to a legitimate charity is a noble act, you need to be extra careful to whom you donate your hard-earned money. Fake charities are a real menace to consumers and business owners alike. Before you donate, make sure you navigate your way to a legitimate charity. A blog titled “4 Ways to Avoid Charity Scams” advises,

“It’s so easy to click on a link in your email, break out your wallet for a sympathetic caller or open a site from Facebook — but resist the impulse. When you decide to donate, go directly to the website of the organization to whom you want to give your money, rather than taking a shortcut. Not only could your dollars never reach their destination, you could end up downloading malware or leaving yourself open to identity theft.”

On the Fourth Day of Christmas my true love said to me, look what a little birdy told me.
As I have pointed out in many other blogs, always be doubly suspicious of email that was supposedly sent to you by a friend or family member that simply contains a line and a link along the following lines: “You need to check this out!” The only thing you’re likely to check out next is the local PC Doctor to help you eliminate the malware you just unleashed on your system. Even worse, some of the latest hacking software can even robotize your system, not to mention rifle it for any contact emails for your family and friends. How do you think they got your address in the first place?

On the Fifth Day of Christmas my true love said to me, check out my new USB.
Other than clicking on ads or email links, the quickest way to infect your system is to plug in a free USB drive. If you will recall, this is how Iran’s nuclear program was infected with the Stuxnet virus. One of their personnel inadvertently picked up a USB that was left lying around only to plug it into a terminal. So if you should be sitting in a coffee shop or copy center and see a USB lying around on a table unattended, DO NOT TOUCH IT. You will thank me later.

On the Sixth Day of Christmas my true love said to me, let’s grab a cup of coffee.
Speaking of coffee, you also need to be very wary of using public wifi these days. As of late everything from coffee shops to airport terminals and public wifi systems at hotels have been targeted by hackers in order to gain access to unprotected systems. There was even a report of a number of hotels in Japan that were infected with an insidious malware subroutine that was designed to target specific high-value executives in order to aid and abet corporate espionage. Personally, I never connect to public wifi. I use my cellphone to launch a wifi hotspot. If you do insist on using public wifi then you should have at least three layers of anti-virus and anti-malware to protect you from unwanted intrusion. Because your real wake up call might not be that double mocha latte after all.

On the Seventh Day of Christmas my true love said to me, let’s get some money.
Here’s the rub, it isn’t just your personal electronics that can be hacked. So can everything from ATM machines to gas pumps. Cybercriminals use credit card skimmers that are designed to grab your credit card information or your PIN. Thieves have also been known to install their own cameras in order to record your PIN as you enter it in public kiosks. So make sure you cover the keypad with your hand before entering any PIN.

On the Eighth Day of Christmas my true love said to me, I got a call from somebody.
Thieves are also not averse to getting on the phone, impersonating a lender, credit card company, or even the IRS in order to try to pressure you into divulging personal information. While breaches of major retailers involving tens of millions of stolen cards have taken place and will continue to take place, when in doubt you should call the number of the bank or the one on the back of your credit card to make absolutely sure you are not being conned.

On the Ninth Day of Christmas my true love said to me, our package is in jeopardy.
Here’s another newsflash: The US Postal Service, UPS, FedEx and other legitimate shipping companies will not send you an email if a package is hung up in transit. But cyberthieves will send you an email that links to a clone of the shipper’s site in order to fleece you. Again, when in doubt call the company directly. Do not click on a poisoned link. And never, EVER divulge personal or financial information unless you know to whom you are speaking.

On the Tenth Day of Christmas my true love said to me, have you ever been to Bimini?
Along with bogus product come-ons are travel deals that offer to Save You Big $$ on last-minute trips. While there are a number of legitimate travel purveyors that specialize in last-minute trips, they will not solicit you via spam email. You are required to opt-in and register with them. The last thing you want to do is schedule a trip that takes you nowhere but to the cleaners. Travelers Beware.

On the Eleventh Day of Christmas my true love said to me, look at the card we got from Sonny.
Digital e-cards are sure to bring a smile to your face unless they are not from the person you thought they were. While you might be thinking season’s greetings, cyberthieves are into season’s greedings by hoping to get you to click on a fake link that instead of bringing a twinkle to your eye will instead give you a case of merry Malware. Again, never click on a link unless you are sure that it is from a legitimate e-card company. Also make sure you mouse over the link in order to detect if the URL on the card or email is the one you are going to be taken to. If you mouse over the link and the URL that is displayed at the bottom of your browser does not match up with the link on the email, don’t go there or you will soon have a case of the Ho-ho-holiday blues.
On the Twelfth Day of Christmas my true love said to me, let’s try this free app honey.
As they say, there’s no such thing as a free lunch. And when it comes to free apps, user beware. Many of them are designed by and for cyberthieves. Like a vampire, these denizens of the dark hope to get invited into your private space so they can put the byte on you. Before loading any app you need to check it out in advance. Google their reviews and use protected sites such as Google Play or iTunes, since these sites vet their apps to make sure they aren’t carrying any unwanted presents.

When he isn't playing Santa, Carl Weiss is CEO of Working the Web to Win based in Jacksonville, Florida.