How to Avoid Cybersecurity Scams This Holiday Season

November 21, 2017

We use a wide range of digital tools to shop, and roughly 80 percent of adults purchase products online. Last year, half of website visits and 30 percent of online sales were conducted via mobile devices. Gift givers are going mobile to conveniently compare products, read reviews and make purchasing decisions while out and about. From new computers and tablets to smart home devices, technology also ranks high on consumer gift and shopping lists.

This trend has not gone unnoticed by cyber criminals. As the holiday season approaches, as does the increased risk of being targeted by cyber criminals. Hackers are gearing up to take full advantage of unsuspecting consumers by not only setting up counterfeit retail apps but also mimicking retail emails and websites to steal financial and personal credentials.

Given the increasing use of BYOD (bring-your-own-device) policies by many businesses, it’s important to understand that your employees and/or clients are consumers. If one of your employees falls for one of the many holiday scams, your corporate data may be vulnerable to hackers who are now able to use infected devices to gain access to your internal network.

Here are some tips on how to avoid being scammed this holiday season:

Check the reviews.

Whether you’re browsing a new retail website or an app, make sure to check the reviews. What are other users saying about their experience? From their reviews, does the website or app seem legitimate? However, be wary if there are only positive reviews as hackers can create phony recommendations.

Check for spelling mistakes in the retail app’s name or website.

Counterfeit retail apps may have a very slight typo in their name that can be missed by most people and the same remains true for a fake website of a known retailer. Cyber criminals use “typosquatting” to take advantage of common typos users may make when typing the URL in the address bar and have a fake version of the website set up to mimic the real version in order to steal financial and personal information.

Always browse securely.

Only shop from websites that are SSL-secured, which can be verified by the presence of a locked padlock on the browser’s URL address bar. Secure websites also use https:// instead of http://. Secure websites encrypt the data, making it significantly harder for hackers to access it.

Verify any email correspondence asking you to download an attachment with the sender directly.

Hackers are exploiting consumers by impersonating popular postal mail couriers such as FedEx, UPS, etc. and are asked to download an attachment for more information on an expected delivery. Instead of downloading the attachment, make sure to call the customer service department to verify the email.

If the offer is too good to be true, it probably is.

Hackers have started buying advertising on popular social media platforms, such as Facebook and Twitter, so if you see an offer that seems too good to be true, be aware that it probably is. Holiday shopping can get expensive so consumers are often hunting for the best deal on a product so if you click on an advertisement for a sale, look out for any, and all, signs that it could be fake. When in doubt, skip the offer.

Don't shop online via public Wi-Fi.

Regardless of whether or not the public Wi-Fi network is secured, it's best to skip shopping online, or conducting any financial transactions, if you're using public Wi-Fi to connect to the Internet. You never know who's watching. 

As consumers begin to shop more online or rely on mobile applications out of convenience, it’s often up to enterprises to help educate their employees on how they can stay safe online this holiday season.

If you have any questions or would like support in securing your endpoint devices, please connect with a Herjavec Group security specialist.

To download this blog as a tip sheet, click below. 

Download the Tip Sheet PDF

About Herjavec Group

Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. Herjavec Group delivers SOC 2 Type 2 certified managed security services supported by state-of-the-art, PCI compliant, Security Operations Centers, operated 24/7/365 by certified security professionals. This expertise is coupled with leadership positions across a wide range of functions including consulting, professional services & incident response. Herjavec Group has offices globally including across the United States, the United Kingdom, and Canada. For more information, visit

Stay Informed 

    Follow us on Twitter

    Connect with us on LinkedIn


*By selecting one of the communications above, you consent to Herjavec Group
 sending commercial electronic messages to you for marketing purposes, including information about the products, services and events selected.

About Herjavec Group

Dynamic entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world’s most innovative cybersecurity operations leaders, and excel in complex, multi-technology environments. Our service expertise includes Advisory Services, Technology Architecture & Implementation, Identity Services, Managed Security Services, Threat Management and Incident Response. Herjavec Group has offices and Security Operations Centers across the United States, United Kingdom and Canada.

Stay Informed

Follow us on Twitter

Connect with us on LinkedIn