As we are focusing on Cyber Security this month, and next month will see us go through the run up to Christmas, it’s the ideal time to be talking about Christmas Cyber Security scams. Unfortunately, the Christmas period brings about fresh opportunities for Cyber Criminals, meaning everybody needs to be more vigilant in the run up to the big day.
Criminals know that everybody is likely to be a little frantic, rushed and perhaps maybe not as switched on as normal during December as they try and sort out gifts for the big day. With people more vulnerable to not spotting potential threats, this gives criminals the ability to take advantage of users online.
- Fake Gifts. When it comes to trying to source a loved one their dream gift, many of us will go out of the way to search online for the cheapest version of the product you’re after. This doesn’t only mean you’re potentially buying fake products, but you could also be giving your money away and not even receiving anything in return. Make sure that websites are legitimate to order from my checking they are secure (https not http).
If they don’t have any contact details visible and ask for money over the phone, these are other red flags that the company isn’t planning on giving you anything for your spend. It’s always a safer bet to pay a more common and expected price for a gift, as if a product’s price seems to good to be true, it probably is. - Malware ridden E-Cards. It’s a horrible thought that anybody has the heart to do this, but unfortunately 2016 saw an unprecedented rise in this scam, and 2017 is expected to be worse. During the Christmas period you may be receiving emails and email Christmas cards from unknown sources. Make sure you don’t open an email or link from any sender that you don’t recognise. These ‘Christmas’ cards could potentially contain all that’s needed to infect your computer with a virus or steal your information and data.
- Fake Charities. Many of us take the time to give to charities during the Christmas period, and with a lot of us spending more time online, charities are now taking to social media and email marketing to spread their cause and ask for money. This can cause problems when criminals can set up seemingly legit looking accounts or websites and ask for money in the name of a well-known charity. The best way to avoid this scam is to simply make sure that you’re on the legitimate official website, social media account or email address for that charity. If anything looks out of the ordinary, it probably is.
- Desktop Backgrounds. It seems far fetched, but last year saw an increase in malware contained in desktop bundles that have a series of cheery Christmas images designed to give a user a feast for the eyes of rotating festive images for their desktop background. Never download zip files from an unknown source, and if you’re keen to have something festive as your background, use a trusted free image source to find your images such as unsplash.com Websites asking for money for images, or offering bundles of downloads, are likely to be fraudulent.
- Giftcards E-Mails. Giftcards are a popular choice of gift for many of us, as they’re easy and can be cheaper than forking out for a specific product as a gift. Criminals know this to, and have devised scams that sends a user a receipt for a giftcard they don’t remember purchasing. When the user decides to then cancel this giftcard purchase, they will be asked to hand over personal details such as credit card information. Look out for email receipts that don’t come from an official recognised source and don’t trust anything that doesn’t look 100% real.
- Social Media Messages. Similarly to email circulation, many of us send animations and attachments to our friends on social media during Christmas time to wish them well. Unfortunately, your friends may be accidentally sending you malware. Be careful not to open any attachments or links that don’t look familiar, even if they are coming from trusted friends and families. It’s possible that they could have clicked on something malicious themselves that is sending an automated bot out to reply to all friends and messages with malware.
- Fake Holidays. Many people book their dream summer getaway during the Christmas period, or perhaps as a gift for a loved one. Criminals know this too well, and will be creating fake websites, advertisements and packages online that appear to be selling you your dream holiday at a dream cost. Be it a pop up or social media advert that leads to infection or a full on booking scam, there are many possibilities for attacks. Only book or click on holiday deals that are from a reputable company, website URL and source. If a holiday deal seems way too cheap to be real, it likely isn’t!
- Fraudulent Surveys. Fake surveys are circulated all year round, that promise a cash reward or gift once the user fills out the survey. Knowing that most people are keen for some extra cash around Christmas, fraudulent surveys are on the rise around Christmas time. If you find a survey asks for bank and credit details, it’s highly likely it’s fake. It’s also generally very rare to find a legitimate website that legally offers cash rewards for survey completions. Close pop ups to surveys and don’t fill in anything that requires your personal information.
- Shipping Status Emails. Another popular email scam during the Christmas run up is to send users shipping updates of products that they didn’t remember ordering. Many of us will be expecting legitimate shipping updates as we order online over the Christmas period, so there’s a higher chance of these updates being opened and the links being clicked through to. Once opened, these links could infect your machine or similar to the giftcard scam, demand personal details from the user such as bank account details.
- Wi-Fi. We’ve mentioned the dangers of Wi-Fi hotspots previously, but with a lot of people shopping from their phones and giving away personal details on their mobiles during the Christmas period, it’s especially important. Never connect to an unknown source, and generally, avoid online shopping using public Wi-Fi’s even if they are normally secure sources. Reference EdgeIT.