Often the victims themselves provide all the information necessary for the hackers to do their work. A hacker can trick an unaware customer service representative into believing that they are you by using information you put on Facebook, Twitter, LinkedIn, etc.
Or, as in the case of the wish list, they use it to trick you into thinking that they are a business you know and trust.
In these wish list crimes, hackers are taking advantage of the fact that retailers offering wish lists enable customers to make their lists publicly searchable. If a target has made his or her list public and has added items that he or she intends to give as gifts, then the attacker writes an email saying that one of the items is now 30% off and that if you click the link in the email, you can get a code.
People are now in the holiday rush. People who haven’t done their shopping are starting to feel panicked, overwhelmed and short of time. When our emotions are running high, we don’t think as logically as we normally would. So, maybe getting a coupon from a vendor I haven’t ever done business with is something I would notice if I had time to think about it, but if I’m panicked in my last 48 hours of Christmas shopping, I might do something stupid if I get a coupon code for something I was looking for.
Once you click, the hackers can do any number of things. They might just offer to send you the discounted item after you enter your credit card number. Or they’ve created a page that mimics an Amazon web page, for example, where they ask you to log in. They can then steal credentials such as the last four digits of your credit cards and any shipping addresses you’ve entered. Then, they use that information to start other attacks on you, such as by calling your bank with your credit card information and address to get access to that account. Or they use your Amazon login and password on other sites, since people often reuse passwords.
The hackers do their homework. They get into one account and use that information to get into a more critical account. So maybe it’s not a big deal that they got into your Twitter feed, but then they use information from it to get into your bank. It’s an expanding web: they launch an attack that seems simple but has far-reaching consequences.
People often think that they will never fall for a phishing scam, but 90% of people will give the proper spelling of their name and their email address without confirming the identity of the person requesting it.
So beware. If an offer seems too good to be true, then stop. Instead of clicking directly on the link offered, go directly to the company website to obtain that offer, so you can be sure it’s legit. And if it’s not, then think of this precautionary step you took as your Christmas gift to yourself.
Stay cyber-safe this Christmas.