Cybersecurity experts warn of new forms of fraud over the festive season

Cybersecurity experts warn of new forms of fraud over the festive season

SHARE IT

24 December 2024

With the New Year approaching, this period is not only characterised by magic and festivities, but is also an ideal opportunity for fraudsters to take advantage of the festive excitement for gifts and offers. Amidst the glow of the festivities, Kaspersky experts have identified several major forms of fraud targeting consumers in various regions and languages.

The Portuguese Christmas recipe scam

Targeting mainly Brazilian users, this scam starts with a seemingly innocent email promoting a Christmas cake recipe, encouraging victims to pay a small fee to gain access to the recipe. Once payment is complete, the scammers steal the victim's credit card information. At the same time, they collect unique Brazilian identifiers, such as the CFP (Cadastro de Pessoas FĂ­sicas) and CNPJ (Cadastro Nacional da Pessoas JurĂ­dicas), which are necessary to access banking services. With this information, fraudsters can either make unauthorised purchases or attempt to access the victim's online bank account to carry out larger-scale fraud.

Fake seasonal shops

Deceptive online stores mimic the look and feel of legitimate e-commerce sites, offering seasonal items such as decorations, gifts, or even Christmas trees at deep discounts. These sites are usually local in nature, adapting the language and currency to the user's geographical location, using data extracted from browsers. Victims often encounter these stores through links in advertisements or pop-ups. The aim of these sites is to steal money and they often only operate for a short period of time as they are quickly identified by product suppliers.

Offer free mobile data

This scam takes advantage of the attractiveness of free services, claiming to provide free mobile data that can be used on all major telecoms providers. To receive the free data, victims are asked to share the link of the offer with 10-15 contacts via WhatsApp, ensuring the scam spreads exponentially. After sharing the link, victims are asked to enter their personal details - name, phone number and email - in a form. Once collected, the data is sold on the dark web or used for other misleading activities. In some cases, victims inadvertently download malware that compromises their devices, which allows them to be further exploited.

Payments by governmental organisations during the holiday season

The scammers pose as government authorities and promise fictitious payments on the occasion of the holidays. There have been many reports of this scam in African countries such as Kenya and Nigeria. To receive payment, victims are asked to complete a survey that requires personal information such as name and phone number. Once the survey is completed, the user is asked to share the link to the announcement with their contacts via WhatsApp. This information is collected and added to malicious databases, sold to third parties or used for phishing attacks and identity theft. This scam exploits trust in government systems and the spirit of giving in the midst of the holidays.

Free luxury cars

In Indonesia, scammers have launched fake lottery campaigns, offering users the chance to win a luxury sports car. Victims are usually lured into such scams via email. To claim the prize, they are asked to share personal details such as their full name, phone number and address. While the car is never delivered, the stolen information is used in identity theft schemes, phishing attacks or sold on the black market for other fraudulent activities.

To stay safe this holiday season, Kaspersky recommends:

  • Ensure the authenticity of websites and offers before making purchases.
  • Avoid clicking on links from unsolicited emails or messages.
  • Avoid providing personal information unless it is from a verified and trusted entity.
  • Be wary of offers that seem too good to be true - they are usually not trustworthy.
  • Use a comprehensive solution that protects computers and mobile phones - it will protect you from phishing sites and malware.
View them all