Cyber scams are a persistent problem for organisations at all times of the year; however, there is a steep increase in scams at Christmas as cybercriminals take advantage of distracted staff to launch targeted attacks.
When we’re distracted, mistakes happen, and Christmas tends to be the one time of the year when employees let their guard down. During the holiday season, inboxes are flooded with eCards, messages from friends and family, delivery notifications from online retailers, and fraudsters use this flurry of online activity to launch mass phishing scams.
As the festive season approaches, organisations must ensure that staff remain vigilant against phishing attacks, delivered not only through external sources but also through what appears to be legitimate internal communications, such as emails from senior management or the latest updates on office opening hours.
Staff need to be on their guard to ensure that they are prepared to deal with the influx of seasonal cyber scams. The best way to do this is to become familiar with the most frequently used attack methods at this time of year.
Top 5 Christmas Cyber Scams
1. Fake Delivery Emails
The most popular type of seasonal phishing attack is linked to logistics. Criminals know that as Christmas approaches, people are sending lots of packages to friends or families or expecting the delivery of parcels themselves.
Victims will receive an email from what appears to be a legitimate courier company informing them that they’ve missed the delivery of a parcel. The email will often be urgent in tone and warn the recipient that their package won’t be delivered in time for Christmas if they don’t act quickly.
To select a new delivery time, they will be instructed to click on a link within the email, and upon clicking the link, they will be taken directly to a phishing website or their computer will be infected with malware.
2. Christmas eCards
eCards have become a very popular and inexpensive way to send friends and families a card at Christmas. Cybercriminals have been quick to take advantage of this online format and use it as a guise to trick victims into downloading and installing malware.
As soon as you click on the link to view your card, there’s a good chance you’ll be downloading adware, spyware, or a Trojan virus onto your computer. Red flags that an eCard is malicious include; spelling mistakes, an unknown sender, dubious link, or an attachment that ends with “.exe,”. This can indicate an execute command which may install a virus onto your PC.
3. Seasonal Offers
It can be hard to resist the lure of a cheap bargain online, especially at Christmas, but these too good to be true offers usually are! Criminals will often create a fake page imitating a well-known brand, then pretend to offer a real promotion. These scams are often set up specifically to harvest user data and will require the input of personal information.
4. Gift Card Survey Scams
Fraudsters will often create fake Christmas promotion pages that claim to be associated with big brand names. The pages are full of offers to win expensive prizes, vouchers and gift cards. To be in with a chance of winning, all you have to do is like the page and share the promotion with your friends. This ensures the scam reaches as wide an audience as possible.
The next condition of entry is to complete an online survey to verify your identity. This is just a cunning way to harvest your personal or financial details. Always be wary of any promotion that asks you to like and share material or participate in an online survey to enter.
5. Charity Phishing Scam
Cybercriminals are extremely devious and know that people will tend to be more charitable at Christmas and donate to those less fortunate. To exploit this goodwill, fraudsters will set up fake phishing websites designed to look exactly like the genuine website of reputable charities.
As soon as you enter the fake site, you will be asked to donate by providing your credit card details and personal information. The criminals will then use this data to steal your money or commit identity fraud. When donating to charity it’s always best to go directly to the charity’s website and never follow a link within an email.
How to Avoid Christmas Cyber Scams
- Never click on links or download attachments from unknown sources.
- Always verify the security of a website.
- Pay close attention to the spelling of an email address, if there are any inconsistencies, delete immediately.
- Ignore and delete emails with poor grammar and formatting.
- If the email is threatening or urgent in tone, do not respond. This is a common tactic used to pressurise a victim into taking immediate action.
- If you get an email, phone call, or text message about a parcel you weren’t expecting, treat it with suspicion.
- Be wary of email offers – If an offer seems too good to be true, it usually is.
- Enable a spam filter on your email account.
- Back up data on a regular basis.
- Install the latest anti-virus software solutions on your work devices.
- Use strong passwords to reduce the chance of devices being hacked.