’12 days of Christmas’ gone wrong with schemes to steal money, identities

Composite image with background photo by Romolo Tavani, overlays by R-4Design and Tero Vesalainen | All images from iStock/Getty Images Plus, St. George News

ST. GEORGE — The Mesquite Police Department has launched a social media campaign dubbed “the 12 Scams of Christmas” which showcases a dozen scams designed to separate holiday shoppers from their money and sensitive information through deceptive scheming.

A fraudulent ad that appears to originate from Google Chrome that is used to steal sensitive information was posted on Mesquite Police Department’s social media site. | Image courtesy of the Mesquite Police Department, St. George News

One scam posted on the department’s Facebook page caught the attention of St. George News and involves pop-up ads or emails offering free gift cards, iPhones or other products that are often used as a ploy to gather sensitive information that can later be used for identity theft.

Mesquite Police Sgt. Wyatt Oliver said the department decided to post the various scams that tend to circulate during the holidays by breaking them up into the 12 Days of Christmas.

“That way, the public is notified of one scam a day,” Oliver said. “Instead of dumping a whole bunch of information all at once.”

He also said the purpose surrounding the posts is to protect the public and reduce the risk of becoming a victim to identity theft and fraud, which may be even more prevalent this year due to the increase in online shopping that is expected to take place due to COVID-19.

Relating to the iPhone scam, Mesquite posted a screenshot of what appears to be a Google ad promoting a free iPhone for the user if they complete a survey. The ad, however, is fraudulent and is actually one of many sophisticated adware programs developed by cybercriminals to take over regular browsers and then modify the settings to redirect the user to less secure websites that display Google prize scams, malicious pages or other deceptive content.

In some cases, the Google prize scam is actually a virus infection that hijacks all of the installed browsers on the system and starts accessing non-personally identifiable information, including browser history, frequently visited pages and so on. Many users have no idea adware is being installed on their computer, since much of it is being done in the background that keeps the activity hidden.

Once it is installed, the adware tries to collect sensitive data by claiming the user is being rewarded for using Google services and will win a prize once they complete a survey or answer a few simple questions.

It is only after the survey that a demand to sign up appears which is when users are tricked into providing their email address, login credentials, and sometimes even credit card details and information that is “needed” for verification purposes.

The data gathered is often sold in an underground market and later used for further phishing attacks. Moreover, these programs can cause computer infections that can lead to significant privacy issues, financial loss and even identity theft.

Scammers have also created alternative names similar to Google prize, including the Google Membership Rewards scam and  Congratulations, you won, among others, to trick the user into believing they are applying to win valuable prizes on multiple sites. In reality, they’ve released their information to fraudsters and win nothing.

Stock image | Photo by Thitichaya Yajampa/iStock/Getty Images Plus, St. George News

Regardless of the different names, these sites were created for one purpose – to record and save the information gleaned from their unsuspecting targets. Even though the sites appear to be legitimate, the scam pages were not created by Google or any other legitimate corporation.

Importantly, many of the fraudulent sites viewed contained a padlock icon in the web browser, which tells the user that site is secure and any communication with the site is encrypted – a type of connection designed to prevent anyone from reading or modifying the data exchanged with the website.

Users may be experiencing a false sense of security though, according to the FBI, as cybercriminals have caught on and are banking on the public’s trust by including verification certificates, which trigger the padlock icon, for websites designed to steal sensitive information.

“The presence of ‘https’ and the lock icon are supposed to indicate the web traffic is encrypted and that visitors can share data safely,” the FBI wrote in the alert. “Unfortunately, cyber criminals are banking on the public’s trust of ‘https’ and the lock icon.”

The FBI advised not to trust a website just because it has a lock icon or “https” in the browser address bar, but to look for misspellings, incorrect web addresses or other oddities and then to call or contact the company directly to confirm the information.

Other scams posted on Mesquite’s site include a temporary holiday job scam, that involves solicitations advertising holiday positions available that require the applicant to share personal information online or to pay for a job lead. There is also a grandparent scam, where fraudsters posing as a family member claim to be in an accident or other emergency and ask for money, as well as other scam alerts posted on the police department’s site.

For more information on illegal schemes or fraud, go to the Better Business Bureau’s “Scam Tracker” by clicking here.

Copyright St. George News, SaintGeorgeUtah.com LLC, 2020, all rights reserved.

Free News Delivery by Email

Would you like to have the day's news stories delivered right to your inbox every evening? Enter your email below to start!