As the festive season approaches, cybersecurity experts are warning businesses and consumers alike to be extra vigilant against the rising tide of cyber threats. With many shoppers hunting for deals or searching for the perfect gift, cyber criminals are ready to exploit the season’s excitement.
According to cybersecurity provider ramsac, this period traditionally sees a sharp increase in scams and data breaches, as cyber criminals target unsuspecting victims.
Data from the Cybersecurity and Infrastructure Security Agency (CISA) in the US shows a rise in attacks during holiday periods, and in the UK, statistics reveal a 30% increase in attacks targeting organisations during this time.
Phishing emails are a year-round threat that peaks during the holidays
Phishing emails are one of the most common threats, and while they are a year-round risk, they tend to spike during the holiday season.
Cyber criminals often pose as legitimate companies, offering incredible deals on popular products or asking for “reviews” as a means to steal personal data. In some cases, emails may even ask for money, disguised as a gift request.
To defend against phishing emails, ramsac experts recommend taking the role of a “human firewall.” This involves being proactive and cautious when interacting with suspicious emails. Key tips include:
- Check the email address for any irregularities.
- Look for repeated spelling or grammar errors, or poorly worded emails.
- Ensure the name of the sender is legitimate.
- Avoid clicking links in emails from unfamiliar sources.
- If the email seems to come from a colleague, reach out to them on an alternative platform to verify its authenticity.
Fake charity scams
During the holiday season, scammers often exploit people's goodwill by posing as charities. If you receive a request for donations, it’s crucial to verify the legitimacy of the charity.
In the UK, charities must be registered with the Charity Commission, and any communication you receive should include their registration number.
If there’s no charity number provided, it’s best not to engage.
Compromised websites
As more people shop online for Christmas presents, cyber criminals may compromise websites to steal personal data, sometimes without the shopper realising.
People are often in a rush to find bargains and may overlook warning signs, for example by ignoring antivirus alerts when browsing or failing to double-check the URL.
Watch out for small details that may signal a compromised site, like spelling mistakes in the web address (e.g., “Gooogle” instead of “Google”) or numbers replacing letters (e.g., “Go0gle” or “Googl3”).
These subtle changes are often indicators of a fraudulent site.
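The lookalike patterns described above (an extra letter, or digits standing in for letters) can also be checked mechanically. The following is an added example, not part of the original article; the allowlist, the simplified suffix set and all function names are assumptions made for illustration.

```python
import re

# Assumption: domains the user really shops at (constructed allowlist).
KNOWN_DOMAINS = {"google.com", "amazon.co.uk", "ebay.co.uk"}
# Assumption: simplified stand-in for the Public Suffix List.
TWO_PART_SUFFIXES = {"co.uk", "org.uk"}
# Digits often swapped in for letters, as in "Go0gle" or "Googl3".
DIGIT_TO_LETTER = str.maketrans("013457", "oleast")

def split_domain(host):
    """Return (brand label, registrable domain) for a hostname."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_PART_SUFFIXES else 2
    labels = labels[-n:]
    return labels[0], ".".join(labels)

def skeleton(label):
    """Undo digit swaps, then collapse repeated letters ("gooogle" -> "gogle")."""
    return re.sub(r"(.)\1+", r"\1", label.translate(DIGIT_TO_LETTER))

def edit_distance(a, b):
    """Levenshtein distance, to catch a single dropped or changed letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return ("known" | "lookalike" | "unknown", matched known domain or None)."""
    label, domain = split_domain(host)
    if domain in KNOWN_DOMAINS:
        return "known", domain
    for known in sorted(KNOWN_DOMAINS):
        brand = split_domain(known)[0]
        # Same skeleton, or one edit away, but not the real domain: flag it.
        if edit_distance(skeleton(label), skeleton(brand)) <= 1:
            return "lookalike", known
    return "unknown", None
```

A "lookalike" result is a prompt to stop and check the address by hand, since short brand names can sit one edit away from unrelated legitimate sites.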
Too good to be true deals
With many consumers on the lookout for the best possible deals, scammers frequently use the promise of deeply discounted items to lure in unsuspecting buyers.
These scams may involve products listed on legitimate platforms like Amazon or eBay, but the product received could be entirely different from what was advertised—or worse, it might not arrive at all.
If a deal seems too good to be true, it likely is. Always trust your gut instinct and avoid purchasing from suspicious sites offering unrealistically low prices.
Gift card scams
Gift card scams are another common holiday threat. In these scams, fraudsters impersonate senior company executives and ask employees to purchase gift cards, often in amounts between £500 and £1000.
During the festive season, these requests may be disguised as holiday gift purchases, making them appear more legitimate.
Employees should be trained to spot these scams and escalate any suspicious requests internally before any money is spent.
Social engineering
Cyber criminals increasingly use social media platforms to gather information about potential victims through social engineering tactics.
By posting seemingly innocent questions, such as “Most Brits say they’re at home for Christmas but where are you?” or “When do you finish work for the holidays?”, criminals can gather useful data.
This information can then be used to plan physical break-ins or cyber-attacks when targets are away from home or less likely to notice breaches.