Overview
- The SSC’s Cyber Police in Mexico City issued an alert about a scheme pushing fake “Christmas gifts” via messaging apps and social media to harvest banking data and passwords or install malware.
- Scammers drive victims to look‑alike websites that request sensitive information or seek device permissions that compromise security, according to the official notice.
- Palo Alto Networks reports a concurrent uptick in organized holiday campaigns, including the Morocco‑based “Jingle Thief” operation that abuses insider access to generate fraudulent gift cards for resale.
- The firm also notes renewed activity by Scattered LAPSUS$ Hunters with fresh data‑leak threats targeting global tech companies and efforts to recruit insiders.
- Consumer guides highlight five prevalent holiday frauds in the region—fake coupons, bogus delivery notices, sham social‑media giveaways, bank‑impersonation calls, and marketplace payment tricks—urging 2FA use and immediate reporting to banks and authorities.