Cyber Security News

Avoiding the 12 Scams of Christmas

'Tis the season to be jolly, but unfortunately, it's also the season when cybercriminals are working overtime to steal your holiday cheer.

As the holiday season approaches, the digital landscape transforms into a hotbed of cyberattacks and online scams.

The numbers are staggering and paint a concerning picture of the increased threat during this festive period. According to statistics, cyberattacks see a substantial surge during Christmas.

In fact, data reveals that holiday-related cyber threats have spiked by a whopping 60% over the past few years. This alarming rise in cybercrime isn't just coincidental; it's a well-coordinated effort by hackers to capitalise on the chaos and distractions that often accompany the holidays.

So, before you unwrap those presents or hang the mistletoe, it's crucial to understand the gravity of the situation.

In this article, we'll delve into the reasons behind this surge in cyberattacks during Christmas and arm you with the knowledge and tools you need to protect yourself, your loved ones, and your digital presence during this festive season.

Let's explore why the 12 days of Christmas now come with a different kind of countdown – one that counts down the risks and vulnerabilities lurking in the virtual world.


Phishing Emails and SMS Messages

Cybercriminals often send fake emails or SMS messages that appear to be from legitimate sources, such as shipping companies or online retailers, asking you to click on links or provide personal information.

This technique is known as phishing.

The goal is to manipulate you into clicking on malicious links or providing confidential information, which can then be used for fraudulent activities.

Phishing relies on social engineering techniques to exploit human psychology, making it crucial for individuals to exercise caution and verify the authenticity of online communications to avoid falling victim to these scams.

You can read more about social engineering HERE.


Fake Online Shopping Websites

Fake online websites are fraudulent and deceptive platforms created by cybercriminals to mimic legitimate websites, often imitating well-known brands or online retailers.

These malicious websites are designed to trick you into making purchases or providing personal and financial information.

The products or services offered on fake websites are usually counterfeit or non-existent, leading to financial loss for victims.

To protect yourself from falling prey to these scams, it's essential to verify the legitimacy of websites by checking for HTTPS encryption, reviewing customer reviews and ratings, and conducting background research on the site and its operators before making any transactions online.

You can read more about how to assess if a website is safe to use HERE.


Gift Card Scams

Cybercriminals may send requests for gift card purchases via email, pretending to be a friend, family member, or colleague in need.

The use of 'manufactured urgency' is a strong and effective psychological weapon, as we discussed in our 'Hi Mum' SMS article.

These scammers typically send messages via email, text, or social media, asking for gift card codes or numbers, often under the pretext of emergencies or special occasions.

Therefore, it's essential to verify the legitimacy of requests for gift cards, especially when they come from unexpected sources or seem urgent.


Social Engineering Attacks

Social engineering is a manipulative technique used by cybercriminals to exploit human psychology rather than technical vulnerabilities.

It involves the art of deceiving individuals or organisations into divulging confidential information, providing access to systems, or performing actions that compromise security.

Social engineers often employ various tactics, such as impersonating trusted entities, exploiting trust and authority, creating a sense of urgency or fear, or using flattery and persuasion to manipulate targets.

This form of cyberattack can take many forms, including phishing, pretexting, baiting, and tailgating, and it relies on the natural inclination of people to trust and help others, making it a significant threat to information security.

You can read our article about how to spot (and avoid) social engineering tactics HERE.


Malicious Attachments

Cybercriminals use malicious attachments as a common tactic to infect computers and compromise security.

These attachments often come in the form of files attached to emails, and they may appear harmless or even enticing, such as a document, PDF, or image.

Once opened, these attachments can contain malware, such as viruses, Trojans, or ransomware, that can infect the recipient's device.

These malware programs can then steal sensitive information, gain unauthorised access to the system, or encrypt files for ransom.

To avoid falling victim to such attacks, it's crucial to exercise caution when opening email attachments, especially if the sender is unknown or the email seems suspicious.

Regularly updating antivirus software and maintaining strong cybersecurity practices can also help mitigate the risks associated with malicious attachments.


Charity Scams

Charity scams at Christmas are heartless attempts by fraudsters to exploit the spirit of giving during the holiday season.

These scams involve cybercriminals posing as charitable organisations or individuals seeking donations for seemingly worthy causes.

They often use emotional appeals and persuasive tactics to manipulate victims into sending money or personal information.

To avoid falling victim to charity scams, it's essential to verify the legitimacy of any charity or fundraising campaign before donating.

Always donate through official websites or trusted channels, and be cautious of unsolicited requests for donations, especially if they come via email, phone calls, or social media.

You can find out more HERE.


E-card Scams

E-card scams are deceptive schemes where cybercriminals send fraudulent electronic greeting cards, or e-cards, to unsuspecting recipients.

These e-cards may appear to be from a friend, family member, or even a well-wishing stranger.

However, when opened or clicked on, they often contain malware or direct the recipient to phishing websites designed to steal personal information or infect their device.

E-card scams exploit the trust people place in festive messages, making it crucial to be cautious when receiving e-cards from unknown sources.

It's advisable to verify the sender's identity and the legitimacy of the e-card before interacting with it to protect against these online threats during holidays and special occasions.


Package Theft

Whilst it is not a cybercrime, we wanted to include this one because package theft, also known as 'porch piracy', is a growing concern, especially during the holiday season when an increased volume of packages is delivered.

It involves thieves stealing packages left on doorsteps or in letterboxes before you can retrieve them. These thefts are particularly frustrating because it can take some time to realise that one has occurred (from the time you report that your parcel has not turned up to discovering that it was delivered but has been stolen).

To prevent package theft, individuals can consider using delivery options that require a signature, using package lockers, installing security cameras, or having packages delivered to a secure location, like a neighbour's house or a workplace.


Public Wi-Fi Risks

Public Wi-Fi risks during Christmas can be heightened due to the increased number of people using open networks in shopping malls, airports, cafes, and hotels while travelling or doing holiday shopping.

Cybercriminals often take advantage of these crowded networks to intercept sensitive information, including login credentials and financial data.

Since public Wi-Fi networks are typically less secure, it's essential to exercise caution when connecting to them.

Avoid accessing sensitive accounts or conducting online shopping or banking transactions on unsecured networks. Instead, consider using a virtual private network (VPN) to encrypt your internet connection and protect your data from prying eyes.

As most people access public Wi-Fi using their phones, here's a reminder of how to keep your smartphone safe from cyber attacks.


Ransomware Attacks

Ransomware is malicious software (malware) that encrypts a victim's files or entire computer system, rendering them inaccessible.

The attackers then demand a ransom, usually in cryptocurrency, in exchange for the decryption key to unlock the files.

Ransomware attacks can have severe consequences, causing data loss, operational disruptions, and financial harm to individuals and organisations.

Cybercriminals often use social engineering tactics to trick users into downloading or executing the ransomware, making it crucial for individuals and businesses to practice strong cybersecurity measures, including regular backups, software updates, and security awareness training, to defend against these destructive attacks.

You can find out more about ransomware HERE.


Smishing (SMS phishing)

If you live in Australia, you have no doubt received many of these...

Smishing, short for 'SMS phishing', is a cyber scam that involves fraudulent text messages sent to individuals with the aim of tricking them into divulging sensitive information or taking harmful actions.

These messages often impersonate legitimate sources, such as banks, government agencies, or well-known companies, and they typically contain links or phone numbers that direct recipients to phishing websites or phone lines.

To protect against smishing, it's crucial to be cautious of unsolicited text messages, avoid clicking on suspicious links, and verify the authenticity of any messages or requests before taking any action.


Tech Support Scams

Tech support scams are deceptive schemes where fraudsters pose as legitimate tech support representatives from well-known companies like Microsoft or Apple.

They typically contact victims through unsolicited phone calls, pop-up messages, or emails, claiming that the victim's computer has issues, viruses, or security threats.

These scammers often pressure individuals into granting remote access to their devices or paying for unnecessary tech support services.

In reality, the scammers aim to steal personal information, install malware, or extract money fraudulently.

To avoid falling for tech support scams, it's essential to be skeptical of unsolicited communications, never provide personal or financial information to unknown callers or websites, and only seek tech support from reputable sources you initiate contact with.

These '12 Scams of Christmas' highlight the range of cyber threats that intensify during the holiday season.

From phishing emails and fake online shopping sites to gift card scams and social engineering attacks, cybercriminals exploit the festive spirit and heightened online activity to target individuals and organisations.

Staying vigilant, practicing strong cybersecurity habits, and verifying the legitimacy of online communications are essential steps to safeguard against these scams and ensure a secure and joyful holiday season online.