The holiday season is upon us, and as you hunt for the best deals, be aware that fraudsters are also finding new ways to exploit the surge in holiday spending. What fraudsters want is simple – they either aim to steal your money and personal data or obtain unauthorised access to your accounts for their benefit.
According to the Visa Payment Ecosystem Risk and Control (PERC) team, here are the top five ways that fraudsters will try to steal your holiday cheer and tips to keep your holidays merry and bright.
1. Reel you in with phishing attacks
Phishing attacks often appear innocuous – like an unsuspecting message from a “friend” asking for help, or an email telling you about a grand prize you have just won. But they often leave lasting damage. In fact, Asia Pacific is increasingly targeted by phishing attacks – with Vietnam, Taiwan, and Sri Lanka among the world’s top ten phishing targets, according to Statista¹.
Fraudsters pose as trustworthy entities or familiar contacts to steal personal information. While usually easy to spot, the higher volume of emails, notifications, and promotional messages during the shopping season means some can slip past your defences.
Look out also for social engineering attacks, where fraudsters can put on a variety of false identities such as bogus charity organisations or holiday job recruiters to steal your credentials, such as your one-time passwords (OTP), and drain your finances. With more new and sophisticated attacks, it pays to stay vigilant during the holiday season.
Visa’s Tips: Never provide your OTP to others or approve any OTP requests for anything you are not certain of. In in doubt, follow our four-step checklist – Pause, Check, Ask Around, and Act Only if You’re Sure – to ensure you know who or what you are interacting with before sharing your personal information.
2. Pose as merchants you love
As shoppers hunt for holiday deals, fraudsters can pose as merchants on eCommerce and other shopping sites to trap unsuspecting victims. In the past four months², Visa PERC saw a 284% increase in fake merchant websites compared to the prior four months , a sign that these fake merchants are gaining momentum.
These fraudsters can also create enticing ads offering heavy discounts on popular or luxury items, luring victims to provide their personal and payment credentials to check out deals that will never arrive.
As you await the delivery of your online shopping purchases during the holidays, look out for bogus messages asking you to pay separately for “express” shipping or for international customs checks. These are typically already handled by your eCommerce merchants. Fraudsters can use these shipping scams to defraud you of your personal information and credentials.
Visa’s Tips: Ask yourself three simple questions to spot fake merchants and deals before they strike you this holiday season:
- Do I trust the offer?
- Am I paying in a safe way?
- Do I need more advice?
3. Collect your personal data with bogus deals
The peak in travel during the holiday season leads to a surge in air travel, hotel reservations, and other related bookings. Fraudsters target these industries by creating fake websites, sending hoax emails about flight cancellations, and listing of non-existent holiday rentals to steal your data and funds.
In Asia Pacific, fraudsters use bots for activities like “seat spinning”³. Unauthorised online travel agencies (OTAs) deploy bots to reserve airline at scale without payment, then offer these seats on their own websites, collecting personal and payment data.
Visa’s Tip: Ensure you are booking your travel with trusted merchants by verifying the URLs of airlines, travel, and hospitality providers. Avoid online ads that may lead to fake travel merchants. Finally, paying via secure gateways like Visa can help you steer clear of fraudulent transactions and track any sudden cancellations or changes to your travel bookings.
4. Mislead you with fake apps
Fake holiday-themed mobile apps can also spring up during the travel season, offering services from itinerary planning to discovery to “fun” activities like tracking Santa across the globe.
While these can sometimes add value to the travel experience, they can also be fronts for malware that steal login and payment credentials. In fact, mobile malware in Asia Pacific recorded a 77% year-on-year increase in spyware targeting personal and financial data⁴.
Visa’s Tips: While it helps to only download apps from official app stores, it also helps to visit the retailer’s official website to confirm the app you’re downloading is the correct one. When using these apps, be aware of the permissions that you are granting to them to know what they will have access to on your phone. Finally, keep your devices updated to ensure your security is up to date.
5. Steal your cards and credentials
Finally, with holiday shopping on the rise and more people travelling this season, the risk of theft increases, especially in crowded places. In-person shopping creates opportunities for stolen payment cards, phones, or more advanced theft of payment credentials via automatic teller machine (ATM) skimming devices. Aside from digital threats, consumers must stay vigilant and protect their personal information.
Visa’s Tip: Stay aware of your surroundings and keep belongings secure in public places. Report suspicious devices at ATMs or POS devices to the authorities. In the event of a lost card, contact your bank or card issuer immediately or freeze your credentials on your mobile banking app to prevent unwanted expenses.
___________________________________________
¹ Phishing: distribution of attacks by region 2023 | Statista
² Visa 2024 Holiday Threats Report, accessed November 2024
³ Travel sector falls prey to cybercriminals | TTG Asia
⁴ Singapore ranks second in APAC for mobile malware and global IoT attacks | Singapore Business Review