Thanksgiving is the traditional start of the holiday season. And while most of us are gorging ourselves on food, scammers and cyber criminals are having a bonanza of their own.
Fraud abounds throughout the holidays and into tax season, which starts after New Year’s Day, according to Sam Horowitz, UC Santa Barbara’s chief information security officer.
“Everyone is a potential victim,” Horowitz noted in a reminder to the campus community. “You can protect yourself and your family by following simple cybersecurity practices at work and home.”
Here are some tips and resources to stay informed and stay cyber-safe all season long:
• Good security starts with basic practices, such as using good passwords and keeping your antivirus and computer software updated. Find more information on the UCSB security website at https://security.ucsb.edu/news/make-it-habit-eight-habits-keep-you-safe-online.
• Online shopping, now a year-round activity for many, is sure to spike with a wave of Black Friday and Cyber Monday sales. You can find great tips for protecting yourself and your purchases at https://security.ucsb.edu/news/tips-protect-your-information-during-holiday-online-shopping-season.
• The holidays are a time of charitable giving and, unfortunately, the time when philanthropic fraud is the highest. The Federal Trade Commission provides great resources and advice to help you better understand how to donate safely at https://www.consumer.ftc.gov/articles/0074-giving-charity.
• Tax season is right around the corner, and despite beefed up security measures on online filing, criminals are still able to bilk millions out of unsuspecting taxpayers. The IRS offers guidance on how best to protect yourself at https://www.irs.gov/newsroom/tax-scamsconsumer-alerts.
Horowitz also encouraged caution when clicking links, noting key things to look for in messages from any source.
“I put the entire URLs into my messages,” he said. “You can see the full URL and you don't have to click them. You can cut and paste them into your browser. Second, all of my links are secure HTTPS links. When you go to a website, you'll see the lock symbol. You can click on the lock to see who owns the site. Finally, you can test all links regardless of their source using a service called Virus Total at https://virustotal.com. Click the tab labeled ‘URL’ and paste a link in the search box. More than two dozen antivirus engines will scan the website looking for malware. You'll get a report card showing any companies that find something wrong. It's an excellent tool to use anytime you're suspicious of a URL from any source. Even from me.
“I like hearing about people that spot a scam and don't fall for it,” Horowitz said. “While I don't like hearing about victims, I do try to keep track of reports that may show signs of a widespread problem across campus.”
Anyone who becomes a victim of fraud this season can contact Horowitz at firstname.lastname@example.org.