Gift or Grift? Beware of Phishing Scams Amid New Year Deals and Offers

Scammers exploit the joyful atmosphere to steal personal information and money.

PUBLISHED JAN 10, 2024

Cover Image Source: Photo by Tara Winstead | Pexels

During the festive season, which is often considered the most wonderful time of the year, people enjoy great sales, holiday joy, and the hope for miracles. However, it's crucial to be aware that this period also attracts phishing scammers. These scammers exploit the joyful atmosphere to steal personal information and money while people are immersed in the festivities and may lower their guard. The experts at Kaspersky have noticed instances of phishing scams specifically designed around Christmas and New Year. These scammers cleverly disguise their attempts to steal personal data and funds as holiday giveaways. Stay vigilant to protect yourself from falling victim to such schemes.

Image Source: Photo by Alex Fu | Pexels — Christmas and New Year gifts | Pexels/Alex Fu

Some phishing websites aim to trick users into revealing their personal information by pretending to be legitimate on social media and messaging platforms. These deceptive sites create various false identities to request information, which, when submitted, goes directly into the hands of the phishing scammers.

A recent incident in Singapore highlighted this issue, where phishing scammers set up an elaborate site, per The Cyber Express. This site pretended to be associated with Singapore’s Ministry of Finance and promised payments in the new year. The phishing site carefully imitated the ministry’s branding, making it appear trustworthy. To claim the supposed payout, visitors were asked to enter their Telegram account details.

Entering Telegram account details on such deceptive sites grants fraudsters full access. This could lead to digital identity theft, unauthorized access to private conversations, and the ability to impersonate the victim for further malicious activities. It's crucial to be cautious and verify the authenticity of such requests to avoid falling victim to these scams.

Image Source: Photo by Sora Shimazaki | Pexels — It's important to remain vigilant in the online space (representational image) | Pexels/Sora Shimazaki

Mimicking bank websites for New Year giveaways

Fraudsters employ a phishing technique that preys on those hopeful for New Year's miracles, using lotteries involving banks. During the season of lucrative offers, phishing sites entice users to participate in fake giveaways, to obtain victims' bank details for theft. A specific case targeted Filipino citizens, inviting them to a website where they could spin a wheel for a chance to win money. After the spin, users were shown their supposed winnings and asked to choose from various banks for the alleged funds to be deposited.

Once the selection was made, users were redirected to phishing sites mimicking legitimate online banking interfaces. This deceptive tactic was the final step in the scam, aiming to deceive victims into providing their banking credentials and, ultimately, losing their funds. Vigilance is crucial to avoid falling prey to such scams, especially during times of heightened offers and giveaways.

Image Source: Photo by Tima Miroshnichenko | Pexels — Money laundering (representational image) | Pexels/Tima Miroshnichenko

Cryptocurrency scams and frauds

The cryptocurrency market poses high risks, as even a small amount of stolen bitcoin can yield significant profits for scammers. To enhance their schemes, fraudsters invest considerable effort in crafting convincing phishing emails and websites, making it challenging for users to detect anything suspicious.

In a recent case, scammers replicated Courtyard.io's official offer, a platform enabling the conversion of physical collectibles into tokens. The authentic Courtyard.io site enticed users to register and buy a New Year's Eve box containing a Pokémon card. The phishing scammers created a deceptive page mirroring this offer. However, to claim the surprise box, visitors were required to link a crypto wallet, leading to the theft of their funds.

Olga Svistunova, Senior Web Content Analyst at Kaspersky, emphasizes the need for vigilance, stating, "Scammers are inventive and cunning. In response, we need to double-check all those special offers that come through from unknown emails. Luckily, we can have a reliable ally here – a comprehensive cybersecurity solution that will protect personal data and money, and prevent malicious actors from stealing our holiday." Stay cautious and rely on robust cybersecurity measures to safeguard against such deceptive tactics.

Image Source: Photo by David McBee | Pexels — Crypto scams are on the rise (representational image) | Pexels/David McBee

How can you avoid such scams?

To steer clear of scams during the season of giving, Kaspersky experts offer simple tips:

1. Verify the source: Confirm the legitimacy of special offers by checking the official websites or social media of known brands or organizations running giveaway campaigns.

2. Type the URL: Avoid opening links from emails; type the website's URL directly into the address bar to prevent falling for phishing links.

3. Watch for red flags: Be cautious of offers that seem too good to be true, especially promises of large sums of money or expensive prizes with minimal effort. Exercise extra caution with cryptocurrency transactions.

4. Protect personal information: Legitimate giveaways rarely request sensitive information upfront. Avoid sharing details like bank account numbers, passwords, or social security numbers. Stay vigilant to safeguard against potential scams.