Waving Saltire Square and Compasses

The Provincial Grand Lodge of Stirlingshire

Square and Compasses Waving Saltire



Bad Santas are making their lists and checking them twice, gearing up to target users online! So please, have a look over the following

12 Scams of Christmas” and make sure to stay safe online over the festive period!


Charity Phishing Scams - Many popular charitable organisations encourage consumers to think of others during the holiday season through emails asking for year-end donations. 

Unfortunately, hackers also know consumers are in the giving spirit during the holidays and prey on their generosity through fake charity phishing emails. 

Here’s how it works: The hackers send fictional emails that appear to be from well-known charitable organisations, such as the Red Cross, the Salvation Army, and Oxfam that direct consumers to fake websites designed to steal their money. The websites are generally very professional with a fairly high amount of graphical content and designed to make the reader feel upset or guilty. Sometimes the layout and content of these fraudulent sites are copied directly from legitimate charity websites with simply a name and a logo changed.

To determine if an organisation’s site is legitimate, go directly to their Website to donate. Don’t ever click on a link sent in email.


Email Banking Scams – It’s this time of year that hackers attempt to take control of our bank accounts to bah-humbug the holidays with another common phishing scam.

Financial institutions are the most common phishing scam targets. According to the Anti-Phishing Working Group, 92% to 94% of all phish scams were financial-services related.

With these scams, the hackers send an official-looking email that asks consumers to confirm account information, including their user name and password. These emails often try to fool consumers into thinking that if they don’t comply with the instructions, their account will become invalid.

So remember, call your bank by telephone if you’re concerned about your account. Never give your account details out as a result of an email request or you could fall victim to a popular phish scam designed to empty your wallet. And with the stress of the holidays, your guard might just be down enough that you fall for one of these scams.


Holiday e-cards - Most people never consider the dangers of e-cards but unfortunately there are plenty of dangers, especially during the holiday season. For example, a popular scam is a New Year’s e-card that includes a nasty surprise. When the consumer clicks on the link, they are brought to a malicious website that attempts to download Trojan software.

 Remember – if in any doubt about the legitimacy of an e-card, don’t open it. Never click on anything from an unknown source.


Fake Invoices - During the holidays, lots of friends and families order and send gifts online. This is no secret to stealthy Scrooges who try to trick consumers into giving away personal financial details through fraud invoices.

Here’s how this scam works: The hackers create a fake invoice or waybill and send it via email as an attachment. Once the consumer opens the email attachment there are a few variations of - the recipient may be asked to confirm or cancel an order, they may be told that the parcel service was unable to deliver a package due to having an incorrect address, or the recipient may receive a customs notification about an international package.

In every instance, the email either asks the consumer for their credit card details so that their account can be credited or requires the recipient to open an invoice or customs form to receive the package.

Pretty tricky, huh? This kind of scam has been played on many consumers who believed they were receiving emails from FedEx, UPS or the US Customs Service but instead were delivered a deadly Trojan program or other threat that can lead to identity theft or hacker control of a computer.

To protect yourself, never give your financial details over email to an unknown recipient or open a suspicious attachment. If you want to ensure you are reaching shipping sites like FedEx or UPS, open a browser and directly access the Website. Also, ensure that your Internet security software is up to date to help spot Trojans and other forms of malware if you have opened a bad attachment.


You’ve Got a New Friend - As the joy of the holiday season brings people together and reignites old friendships, many of us are excited when alerted with a message that says, “You’ve got a new friend!” when using popular social networking sites.

Sadly, in some cases, after clicking on the notice, you NOT only do not have a new friend—you have downloaded malicious software that you can’t even detect. Of course, it’s designed to steal personal and financial information. Stay away from “friends” you don’t know.


Dangerous Holiday-related Search Terms - We love Santa too, but when clicking on the results of a “free Santa download” search, in addition to the Christmas-themed screensavers, puzzles, and pictures you find, you also could be clicking on adware, potentially unwanted downloads, and spyware. Be careful with the following search terms:

  • Free Santa holiday screensaver
  • Free holiday screensaver
  • Free Christmas screensaver
  • Free holiday downloads
  • Christmas tree download
  • Free Christmas wallpaper
  • Santa wallpaper
  • Santa screensaver
  • Santa ringtones
  • Santa mail download
  • Santa download
  • Free Santa music downloads

If in doubt, copy the URL into virus detection sites such as virustotal.com to determine if it’s safe.


Coffee Shop Cybercriminal - While everyone enjoys a warm gingerbread latte while surfing the Net at their local coffee shop, most are not aware of the dangers in surfing on unsecured networks. Attackers can jump on an unsecured wireless Internet connection with a program called a packet sniffer to see what Websites users are visiting, the passwords they are using, and what bank accounts they are accessing.

If you have the facility always use a VPN when connecting to a public wi-fi hot spot!


Password Stealers - 53% of users admit they use the same password for multiple websites or online services. Consumers need to know that free and low-cost tools exist that make it easy for bad guys to guess passwords and hack into users’ PCs.

It’s been found that attackers go after passwords for banks and e-commerce sites, multi-player online role playing games, instant messaging and finally, social networking sites to get at your corporate credentials.

Mix it up! By using the same password, an attacker only has to nab one password to hit all of a user’s accounts.


Fraud via Auction Sites - Nearly 40% of Christmas consumers are expected to visit auction sites to find gifts this holiday season, shoppers must be aware of scammers who will use the increased activity of the holiday season to prey upon new victims. Be sure to read the security and safety policies from such sites as eBay. You’ll learn how to protect your account and buy safely.

eBay’s Online Safety Advisor, Rich LaMagna, recommends the following:

  • Use your common sense. If an item looks too good to be true, it probably is.
  • Carefully review the seller’s ratings and feedback to be sure that he or she has a positive rating. Learn more about the item before bidding on it by carefully reading all of the information in the item listing, including the seller's policies.

Pay with a safe payment method such as PayPal or your credit card. These methods offer the most protection for buyers should something go wrong with the transaction


Holiday-themed Email Attachments and Spam - The bad guys know that emails with holiday-inspired subject lines are intriguing to most consumers. A recent survey found that 49% of consumers have opened or would open an email with a holiday themed attachment.

Consumers should beware of emails that prey upon their holiday spirit, inviting them to look at homes bedecked with lights or PowerPoint presentations with vague holiday-related subjects. For example, last year an email made the rounds with a Microsoft PowerPoint called “Christmas Blessings” that contained malicious software.

Some examples of subject lines bad guys use to lure consumers into opening a friendly-looking email are “Happy 2018 to you!”, “Happy 2018!” and “New hope and new beginning”.

Be wary when you see these titles and don’t open attachments with odd-looking URLs. You can hover over links in an email and check the domain. If you do decide to click and visit a website - be sure to check the padlock and SSL certificate. The most important check is to see if the certifcate matches the domain you think you are on. If you clicked a link to google.com and the certificate says g--ogle.com then stop!


Online Identity Theft - Online shopping offers the 3 Cs: cost, convenience and choice.

 90% of consumers have some level of concern about shopping online. Unsure of where to shop, they rely on friends and family to determine the safety of a website, but friends can only advise on personal experiences, and some sites may have security issues that aren’t readily apparent.

For example, sites that store your personal information can be vulnerable to cybercriminals who hack in to steal your identity. In fact, research shows that as many as 80% of websites have known vulnerabilities.


Laptop Theft - And the last way the bad guys can take the merry out of your Christmas is by outright stealing your laptop! According to the research firm Gartner, 97% of laptops are never recovered.

While you are out enjoying the festivities of the season, make sure to be particularly vigilant at this time of year and never leave your laptop in sight in your car.

Stop. Think. Protect.



Please contact our Webmaster with any Technical Comments or questions about this site or to provide updates to the site content.

Disclaimer - for the use of this site please refer to the Terms and Conditions and the Privacy Policy by clicking on the relevant button in the index.

Copyright © The Provincial Grand Lodge of Stirlingshire All rights reserved 2002 - 2018