During the holiday season, hackers are after just one thing: your account credentials.
According to a year-end report from cybersecurity giant McAfee, not only does it give criminals access to a variety of consumer accounts – since shoppers chronically re-use their account logins during the holiday season – but it also gives bad guys the opportunity to trade personal information on the dark web, McAfee said.
“In their eyes, it’s the gift that keeps on giving,” McAfee said in a statement sent to Fox News.
Consumers’ account credentials are traded and sold among cybercriminals in the underground “like baseball cards,” the cybersecurity company added.
This happened early this year after a holiday haul of credentials. McAfee’s Advanced Threat Research team found that more than 2.2 billion stolen account credentials were made available on the cybercriminal underground over the course of the first quarter of 2019.
“This growing trend of personal online accounts for retailers being made available on the underground, and increasingly sophisticated threats means that the 2019 Holidays could be the most dangerous yet for consumers,” McAfee said.
The likelihood that the scams will succeed are still too high. A whopping 37 percent of American respondents to a McAfee survey admit that they don't check an email sender or retailer’s website for authenticity.
That increases the chance of getting scammed because scammers lurk behind authentic-looking shopping sites and phishing emails.
The scams work: 30 percent of respondents to the McAfee survey have lost more than $500 to online scams this year. Earlier this year, McAfee identified a credential-stealing scheme that was deployed to Amazon users prompting them to click on a link in order to purportedly fix an issue with the user’s account.
This holiday season the top three scams to watch out for based on McAfee’s survey:
- 48 percent of Americans were exposed to robocalling scams in 2019, making it the worst scam of the year
- 41 percent of Americans fell victim to email phishing
- 35 percent fell victim to text phishing