By understanding the common tactics used by cybercriminals during the holiday season, businesses can enjoy the festivities while minimizing the risk of damaging cyber incidents
As the festive season looms, cyber criminals and malicious actors are poised, ready to strike unsuspecting victims. With many hunting for a bargain or looking for that perfect gift, it’s the perfect time for scammers to act, and many are successful during this time. Cybersecurity provider ramsac are warning businesses and consumers alike to be extra vigilant this holiday period to ensure they protect themselves from damaging scams and data breaches.
Insight from the Cybersecurity and Infrastructure Security Agency (CISA) in the US showed that they were seeing an increased volume of attacks and threats over holiday periods. In the UK, stats show a 30% increase in the targeting of organisations during the holiday period.
But what are these threats and how can you defend against them?
Phishing emails
Phishing emails are a year-round danger, but during the holiday season they increase in both threat level and volume. Scammers posing as legitimate companies may offer incredible deals on popular products, ask for product reviews as a way to mine data, or email asking for money veiled as a gift.
Defending against phishing emails requires you to take the position of a human firewall. A human firewall is a term used to describe when people actively choose to not engage with risks such as a phishing email. To be a human firewall against phishing scams, you should:
- Check the email address
- Look for repeated spelling or grammar errors, or poorly worded emails
- Check that the name of the person sending you the email is legitimate
- Avoid clicking links in emails that you don’t recognise
- If it appears to be an email from someone you work with, speak to them on an alternative platform to check it was actually them
Fake charity scams
Scammers have no morals and will do whatever it takes to get money from someone, even if that means posing as a charity seeking donations. When you receive a communication from a charity, always check that it’s one you recognise, and if it’s not, you can always verify it using a variety of tools.
For instance, charities must be registered in the UK with the Charity Commission, and you can check the register to see their legitimate website and scope of operations. Any communication you get from a charity will include their registered number, which you can look up in the register. If there is no registered number, then it’s best not to action anything asked.
Compromised sites
Sites can be compromised in a variety of ways, whether that’s at the point of purchase or as soon as you land on the homepage. You may not even realise a website has been compromised until it’s too late and you’ve already parted with your money.
During the festive period, people are more likely to hunt for a bargain and may be less likely to double-check a website before entering personal information. Similarly, they may be more likely to ignore antivirus notifications before entering a site.
While there are sometimes no visible warning signs on a compromised site, you can always read the URL. Look for spelling mistakes like Gooogle instead of Google, or letters replaced with numbers, like Go0gle or Googl3. These simple changes often denote a spammy site.
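The URL check described above can also be automated. The sketch below is an added example, not part of the original article: it flags hosts that are one character away from a trusted domain, or that match it once digits are mapped back to letters. The allowlist, the digit map and the function names are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the sites this user actually shops with (assumption).
KNOWN_DOMAINS = ("google.com", "amazon.co.uk", "ebay.co.uk")

# Digits often swapped in for letters, as in Go0gle or Googl3.
DIGIT_SWAPS = str.maketrans("01345", "oleas")


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions needed."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Classify a URL's host as 'known', 'lookalike' or 'unknown'.

    Returns (verdict, trusted domain it matched or imitates, else None).
    """
    if "//" not in url:
        url = "//" + url  # let urlsplit parse input typed without a scheme
    labels = (urlsplit(url).hostname or "").lower().split(".")
    lookalike = None
    for known in KNOWN_DOMAINS:
        k = known.count(".") + 1
        candidate = ".".join(labels[-k:])  # drops www. and other subdomains
        if candidate == known:
            return ("known", known)
        if edit_distance(candidate.translate(DIGIT_SWAPS), known) <= 1:
            lookalike = lookalike or known
    return ("lookalike", lookalike) if lookalike else ("unknown", None)
```

A verdict of "unknown" only means the host resembles nothing on the allowlist; it is not a statement that the site is safe.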
Too good to be true deals
When it comes to festive shopping, people are deal hunting. They want the best product for the lowest price, so too good to be true deals are easily exploited by scammers to steal money from people. Products could be hosted on legitimate websites, like eBay or Amazon, but the product you order may look entirely different or not arrive at all. Even worse, you could have ordered it from a specific website and had your money taken without any sign of a returns policy.
Remember, if it seems too good to be true, it probably is. Trust your gut instincts and don’t buy items from suspicious websites at an unrealistically low price.
Gift card scams
Throughout the year, people experience gift card scams. A scammer will pose as an influential person at the company, normally the CEO or senior leadership, and request that a member of staff purchase a large number of gift cards, or a single card with a high value. These requests can often be between £500 and £1000, which is no small sum for an employee to spend.
During the festive season, scammers are able to present these as gift-giving emails, helping to boost their legitimacy and the likelihood of an employee falling for them. Emails like this require the employee receiving them to spot that they are a scam, and to raise the alarm internally to resolve the threat before it escalates.
Social engineering
Social engineering is the act of using posts on social media to gain information about consumers without them realising. An example would be a page post saying something along the lines of “Most Brits say they’re at home for Christmas but where are you?” This form of social engineering would allow criminals to break into empty homes and steal items.
Another would be “On average, people are finishing work on the 22nd December, but when do you? Let us know below.” This way, cyber criminals could know when offices are quieter and launch DDoS (distributed denial of service) attacks or attempt a planned infiltration, knowing it is less likely to be noticed in time for immediate action.
By understanding the common tactics used by cybercriminals during the holiday season and taking proactive security measures, businesses and consumers can enjoy the festivities while minimizing the risk of falling victim to damaging cyber incidents. Staying informed and maintaining a strong security posture are key to mitigating the increased cyber threats that often accompany the holiday period.