Cybercriminals Target Your Holiday Cheer
There is an increase in cybercrime around Christmas and New Year that can be attributed to the holiday season’s unique online behaviors and opportunities that attract cybercriminals. During this period, there’s a surge in online shopping as people rush to buy gifts, often leading to a relaxed approach to clicking links and making transactions. This frenzy makes it easier for scammers to create fake websites or send phishing emails and smishing (SMS phishing) messages that mimic popular retailers or special holiday deals, thus capturing credit card details and personal information.
There is also a spike in email traffic, including promotional emails from retailers and holiday greetings. Cybercriminals exploit this with spoofed emails containing malicious attachments or links, often disguised as holiday promotions or greeting cards – and these days generative AI is helping to make them even more convincing.
The holiday spirit of giving is another avenue exploited by cybercriminals through phony charity campaigns, taking advantage of people’s increased inclination to donate. Additionally, the use of vacation auto-responses in emails can inadvertently inform cybercriminals about someone’s absence, providing them with an opportunity to time their malicious efforts.
Social media activity also increases during the holidays, with many people sharing their plans and experiences. This information is valuable to cybercriminals for crafting social engineering attacks or planning crimes like burglaries when they know homes are unoccupied.
Furthermore, during holidays, both businesses and individuals often exhibit a more relaxed approach to cybersecurity. This can be due to employees being on vacation, leading to slower responses to security incidents, or individuals being less vigilant about their online security practices.
Overall, the combination of these various factors creates an environment ripe for cybercriminal activity during the holiday season, necessitating increased vigilance in cybersecurity practices such as:
- Email Vigilance - Fraudulent emails, known as phishing, continue to be the most common vector for cybercriminals. Avoid clicking on links or downloading attachments in emails from unknown sources. Always verify the sender’s credibility.
- Be Alert to Smishing - Bad guys also apply all the classic phishing techniques to SMS messages, a technique dubbed “smishing”, so stay alert. (See our advisory on Understanding Smishing.)
- Vishing Awareness - Be wary of unsolicited phone calls, especially those asking for personal details or financial information. This tactic, known as vishing (for voice phishing), often involves scammers posing as representatives from banks, tax authorities, or other official institutions, and can even utilize AI-generated impersonations to sound like people you know. (See our advisory on Understanding Vishing for more information.)
- Safe Online Shopping - Shop only on reputable websites with secure connections (https://). Be cautious of deals that seem too good to be true.
- Strong Passwords and 2FA - Use unique passwords for each account and enable two-factor authentication for added security.
- Monitor Financial Statements - Regularly check your bank and credit card statements for unauthorized transactions.
- Skepticism of Unsolicited Requests - Be cautious of unsolicited calls, messages, or emails asking for personal or financial information.
- Charity Scam Awareness - Thoroughly research charities before donating and use official websites for contributions.
- Device Security - Protect your devices with updated antivirus software and keep operating systems current.
- Credit Card Use Over Debit Cards - Favor the use of credit cards for online purchases for better fraud protection.
- Avoid Public Wi-Fi for Sensitive Transactions - Conduct financial transactions or sensitive logins only on a secure, private network.
- Gift Card Scam Alert - Be skeptical of requests for payments or donations via gift cards.
Incorporating these practices can significantly improve your online safety and help you avoid becoming a victim of holiday scams.