It's definitely the most wonderful time of the year for cyber scammers! Especially during the holidays, the Internet is a place where anyone can appear to be someone they are not, then disappear without a trace after perpetrating a crime. This holiday, give yourself the gift of not being a victim. Never give away your NetID password—not in email, not on the phone, and not in person. Also, if you don't know BOTH of these things:

• How to read URLs, and
• How to identify the EV certs at outlook.cornell.edu and CUWebLogin

Watch the video: Essentials to Avoid Online Scams

Black Friday/Cyber Monday Specials

Bad guys build complete copies of well-known sites, send emails promoting great deals, sell products and take credit card information—but never deliver the goods. Sites that seem to have incredible discounts should be a red flag. Remember that when a "special offer" is too good to be true, it usually is. For instance, never click on links in emails or popups with very deep discount offers for watches, phones, or tablets. Go to the real website yourself, by searching for it at Google.com, and check if the offer is legit. 

Complimentary Vouchers or Gift Cards

Don't fall for offers from retailers or social media posts that offer phony vouchers or gift cards paired with special promotions or contests. Some posts or emails even appear to be shared by a friend (whose account may have been hacked). Develop a healthy dose of skepticism, and think before you click on offers or attachments with any gift cards or vouchers.

Failed Shipping Notices From UPS and FedEx

Watch out for fraudulent emails that claim to be from UPS and FedEx to report your package has a problem or could not be delivered. This is a common phishing attack that tries to make you click on a link or open an attachment. Instead, your computer could be infected with a virus or even ransomware that holds all your files hostage until you "pay a ransom fee."

Holiday Refunds

We all love getting refunds! Scammers know this, so they pretend to be companies like Amazon or eBay and claim that a "wrong transaction" requires your information to be fixed. However, when you fill out the refund-claim form, the personal information you give away is sold to cyber criminals. 

Chances to Win

A new phishing email has begun circulating that tricks people into thinking they could win movie tickets for the highly-anticipated film, "Star Wars: The Force Awakens," due out on Dec. 18. However, the email is a phishing attack. Leading up to the film’s release, and shortly after, watch out for this social engineering attack and don't fall for the scam. 

Travel and Event Confirmations

It's common to let your guard down when you are expecting to get reminders or updates about a trip or event you've planned. Scammers throw out bait (emails about travel or events) hoping you'll think they are legitimate emails. They phish around until you bite! Triple check emails purporting to be from airlines and event dealers like TicketMaster.com. In many email programs and browsers, hovering over a link *without* clicking lets you see the real destination for the link, often displayed in the bottom corner. Always confirm the source before you click.

BONUS TIP: Never use insecure public Wi-Fi to shop with your credit card. Only shop with a secure connection at home. Oh, and never pay online with a debit card—only use credit cards. If the debit card gets compromised, the bad guys can empty your bank account quickly.

Be cautious, be safe, and have a very happy holiday.