The holiday season brings with it an inevitable increase in online fraud. Fraudsters go where the money is, and with so much being spent over Thanksgiving and Christmas, there’s even more for scammers to tap into. Here, we outline the key scams to look out for during the holiday season.
Email fraud
As the number of communications with special seasonal offers increases, it’s easy for fraudulent emails to get through. They usually purport to be from legitimate brands, courier companies, marketplaces, or online payment services. Phishing emails replicate the branding of legitimate companies and contain links to replica websites that aim to glean personal info and money from unsuspecting consumers.
Within companies, increased numbers of temporary staff and a higher number of incoming packages opens up invoicing scams or other ways to extract information.
To make an email seem legit, fraudsters register domains containing the brand name or mimicking the legitimate sender domain. Safe gateway solutions and monitoring for typosquatters can solve this issue. Cyber criminals can also use the actual company sender domain, and tools like DMARC can manage that threat, as well as phishing awareness training for all employees.
Fake websites
Linked with email fraud are fake websites, which use official branding or clones of legitimate sites. In 2018, more than £10 million (SEK 125 million) was lost to fraudsters through online Christmas shopping. Fake sites offer hefty discounts on otherwise expensive goods, which either turn out to be fakes, or don’t arrive at all. Domains including the brand or special seasonal alternatives are used to appear legitimate (e.g., companyXchristmasshop.com). Monitoring solutions help identify bad domains or site content, and enforcement solutions help remove harmful sites.
Paid search and social media
Holiday fraudsters use paid search ads to take advantage of the millions of people searching online to find the perfect gift. Buying brand name keywords means they can position ads for fake sites at the top of search results, encouraging consumers to click the malicious site and input personal and financial information.
Digital grinches also target social media, with ads peddling cheap goods or discount vouchers, sending consumers to fake websites. For higher credibility, they often don’t use a direct post, but hide in closed groups or comment sections making them harder to detect.
Further still, account hijacking or cloning gives fraudsters access to someone’s personal social media account, where they can send direct messages to their contacts asking for financial support or directing to fake websites. Always try to verify requests by contacting the person via other channels before considering anything.
Latest TLD launches
.TH
The .TH TLD has been launched, with a limited availability period—with a deadline of 31 December 2019. (NB CSC needs to receive final orders by 27 December.)
The domain name must be an English name of an organization, trademark, or natural person only.
Requirements are extensive, and based around:
- Category 1 – Trademark in Thailand
- Category 2 – Foreign trademark including local presence in Thailand
- Category 3 – Eligible if you already have another extension, e.g., CO.TH
- Category 4 – All types of organizations that, according to Thai law, do not fall under categories one to three
If there is more than one qualified registration, the domain is awarded to the entity in the highest category. Approved domain registrations will be announced on 10 January 2020.
.AU
We can now accept pre-registrations for .AU. You will enter a queue for your required domains which will be released as soon as the TLD officially launches.
The requirements are closely in line with those of the .UK launch earlier this year. If your company wants to register .AU, the information on your .COM.AU domains needs to be up-to-date and correct. In the new year, we’ll be in contact with specific information and a chance to review any .COM.AU domains to ensure compliance.
The TLD will launch in two phases: grandfather and general availability. The grandfather phase has the following categories:
- Category 1: If the equivalent .COM.AU was registered on or before 4 February 2018
- Category 2: If the equivalent .COM.AU was registered after 4 February 2018
Category 1 applications are prioritized over category 2 applications. If multiple parties hold a category 1 for the same domain string and want to register an exact match in the second-level .AU, they may negotiate an agreement as to which will be the designated person to register the .AU domain.
If multiple parties hold a category 2 for the same domain string, the applicant with the earliest creation date gets priority.
2020 webinars
Our schedule of monthly webinars will recommence on Thursday, 6 February 2020, with subsequent webinars held on either the first or second Thursday of every month thereafter.
Keep your eyes peeled in January for the invitation to our first webinar of 2020!