Beware: ‘Tis the season to be scamming’
Why is the Holiday season so popular for cyber criminals?
Organizations and individuals are at a much higher risk of suffering a cyber attack during this festive season. TAU’s 2018 Carbon Black Holiday Threat Report showed that there was a significant increase in cyber attacks during the winter holidays. A survey conducted by Tufin Technologies similarly stated that 81% of hackers said they operated more intensely during the winter vacation. But why is this the case?
The total value of global retail e-commerce sales will reach $3.54 trillion by the end of 2019, up 20% over 2018. To top that off, nearly $142 billion (£106.5 billion) will be spent online in the UK during the holiday season this year. With so many people spending online, the season becomes a goldmine for hackers targeting those of us who shop online.
Additionally, with offices empty during the festive season, this is an ideal opportunity for criminals to start causing havoc to your business. Even the lead-up to the Christmas break can be a vulnerable period, as your staff become more and more distracted. This lack of vigilance allows hackers to attack and get away with it, a point supported by the Tufin Technologies survey, which found that 56% of hackers said Christmas was the best time to hack corporate computers.
The rise in emails sent during the holiday season means phishing emails are harder to spot. According to Responsys’ Retail Email Guide to the Holiday Season, 89% of top retailers increased their number of promotional emails sent in November and December by 47% compared to January and October.
10 hacks to fight back: Don’t let hackers ruin your festive fun!
- Missing parcel fraud
Have you ever received a card saying a parcel has been left on your porch, but there is nothing there? You could be a victim of a scam. One of your shopping accounts might have been hacked, allowing the hacker to spend freely using your credit card details.
What to do?
To tackle this scenario, make sure to call your bank so that they can freeze any further movement of money out of your account. Unfortunately, you might not have done anything wrong for your debit card details to be stolen, but in this instance acting fast is the best thing you can do when you notice something suspicious.
- Fake ‘missed you’ delivery card
Most likely, a lot of us have received a ‘missed you’ delivery card when we weren’t at home to sign for a parcel from the postman. However, beware! Fraudsters have been known to print out a similar card and make it look like it came from the Royal Mail. The card gives a fake number and asks you to call it to arrange redelivery of the parcel. On the other end of the phone will be the cyber criminal, waiting to collect your personal information so that they can then pretend to be you.
What to do?
Never give your personal information over the phone, regardless of whether it might seem like a reliable source. Always look up the Royal Mail number online to double-check that it matches the number on the card you have received.
- ‘Trojan horse’ malware attack
Malware attacks occur when people click on pop-up windows that appear on their computers offering free security software. The pop-up is most likely the work of a hacker. Malware will harvest your personal and financial information, send phishing emails to your contacts and provide remote access to your device.
What to do?
If you are unfortunate enough to install malware you should:
- Disconnect from the internet, as this will prevent any more data from reaching the malware server.
- Enter safe mode, which lets your computer run checks with only the minimum required software and programs loaded. This will prevent the malware from loading automatically.
- Avoid logging into accounts during malware removal, to avoid sharing personal information.
- Check your activity monitor to see which processes are running on your computer and how they are affecting its performance.
- Man-in-the-middle harvesting
Using public Wi-Fi is a risk. Hackers can send out their own copy-cat Wi-Fi signal, which you might latch onto by accident. If you do this, it could allow a hacker to spy on what you are doing and then take your personal information.
What to do?
The main advice is not to use public Wi-Fi when making financial transactions or logging into personal accounts; otherwise you could be at risk of identity or card theft.
- ‘Phishing’ emails
According to NTT Security’s quarterly Threat Intelligence Report, phishing emails are up 74% with over 1.4 million new phishing sites created each month. Phishing emails leverage messages with malware attachments. TAU’s report says that the majority of cyber attacks during the holidays use phishing campaigns or spear-phishing campaigns to deliver malware to their victim’s computer systems.
What to do?
If you have clicked on an attachment within a phishing email, this is what you should do:
- Disconnect from the internet
- Back-up your data
- Scan your device for malware using anti-malware software
- Change all your login credentials, as once cyber criminals have them they can access all your accounts
- Set up a fraud alert
- Charity donation cheats
Fraudsters also take advantage of the goodwill of many people by pretending to be charity organizations.
What to do?
Make sure to check any emailed details with the Charity Commission’s list to ensure your donations are going to the right place.
- Password theft
Many people don’t know that once a hacker has access to one of your passwords they can unlock many accounts online. Over Christmas fewer people are keeping tabs on where their money is coming from and going to, so make sure to watch for any suspicious activity.
What to do?
To avoid password theft you should try to:
- Create strong passwords – use letters, numbers and symbols
- Use multi-factor authentication
- Have different passwords for different accounts
- Use a password manager
- Avoid sharing your password with anyone
If your password is stolen, take the appropriate action for the account affected and make sure you change your account passwords immediately.
- Copy-cat websites
Don’t be fooled by bogus websites. They might seem legitimate, but you might fall into the trap of paying for services or gifts you will never receive.
What to do?
You can spot these fake websites by the final suffix letters. Fraudsters in the past have used suffixes such as ‘.co.com’ instead of ‘.co.uk’. Moreover, an ‘https’ prefix is more reliable than an ‘http’ address. A website address with ‘https’ indicates the site has an extra layer of security. It uses the Secure Sockets Layer (SSL) to maximize the security of data and transactions on the web with an encrypted channel between your device and the website you’re shopping on.
This way, your account login, credit card, and any other sensitive information details are encrypted to prevent eavesdropping. In short, avoid sites that trigger a ‘Not Secure’ warning in your browser.
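The two checks above (suffix and ‘https’) can be automated against a list of shops you already trust. The following is an added example, not part of the original article: the shop names, the allowlist and the shortened suffix list are constructed assumptions, and it goes one step further than the text by also flagging a genuine name used as a subdomain of another site. Note that ‘https’ only shows the connection is encrypted, which is why the domain itself is checked too.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains the shopper already knows to be genuine.
KNOWN_SHOPS = {"example-shop.co.uk", "example-gifts.com"}

# Shortened suffix list for this example, multi-label suffixes first.
# A real tool would use the full Public Suffix List instead.
SUFFIXES = ("co.uk", "co.com", "org.uk", "com", "org", "net", "uk")


def split_domain(host):
    """Return (brand, suffix), e.g. ('example-shop', 'co.uk')."""
    host = host.lower().rstrip(".")
    for suffix in SUFFIXES:
        if host.endswith("." + suffix):
            # Keep only the label directly in front of the suffix.
            brand = host[: -len(suffix) - 1].split(".")[-1]
            return brand, suffix
    # Unknown suffix: treat the whole host as unrecognised.
    return host, ""


def check_shop_url(url, known=KNOWN_SHOPS):
    """Return a list of warning codes; an empty list means no warning."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    brand, suffix = split_domain(host)
    registered = f"{brand}.{suffix}" if suffix else brand
    if registered in known:
        return warnings
    # Same brand name under a different suffix is the '.co.com' trick.
    known_brands = {split_domain(d)[0]: d for d in known}
    if brand in known_brands:
        warnings.append(f"suffix-mismatch:expected {known_brands[brand]}")
    else:
        warnings.append("unknown-domain")
    return warnings


if __name__ == "__main__":
    for sample in ("https://www.example-shop.co.uk/basket",
                   "http://example-shop.co.com/checkout",
                   "https://example-shop.co.uk.login.example/"):
        print(sample, "->", check_shop_url(sample) or "ok")
```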
- Dark web targets
Over this festive season people often send seasonal greetings via email rather than cards in the post. Occasionally, there will be attachments with holiday messages. However, beware of opening these attachments even if you recognise the name of the sender. Hackers have used people’s personal details taken from the dark web to find targets.
What to do?
Sometimes it is better to be safe than sorry. Due to the high risk of email attachments with malware, it might be best to abstain from clicking. Thanking the sender of the email for the seasonal greetings (before you have opened any attachment) could also make it clear whether they were the true sender or not, giving you more of an indication if the attachment is safe to open.
- Rip-off Goods
Although you might think you have used a reputable website to do your Christmas shopping, this still does not mean you have escaped the cyber criminals. There is still a chance you could be sent counterfeit goods. This is a problem, especially when the European Union Intellectual Property Office (EUIPO) reported that international trade in counterfeit products is now worth up to £300 billion and that, in 2017, 15,000 online shoppers lost £11 million to scams.
There are many risks when buying counterfeit goods:
- Not only are the products of bad quality but they are most likely unsafe (especially with electrical or medical products; they could be fatal)
- Consumers need to be careful, as the websites they use for the purchase might then gain access to sensitive personal information (credit credentials), as well as expose their computer to malware/viruses.
What to do?
There are a couple of ways you can avoid this:
- If the price online looks really low, you could be buying a ripped-off good. What might seem like a good deal might be a waste of your time and money.
- Check the spelling and grammar of the website and the URL
- Only use sites that are reputable: always make comparisons on different sites/forums that might say the website is fake
- Watch out for pop-ups asking you to confirm your card details before you have reached the payment stage.
- Make sure you’ve installed the latest software & app updates
To wrap it all up
There are a lot of ways in which you can avoid being hacked this Christmas. But if you are one of the unlucky ones, we hope our tips have helped you deal with the situation or informed you more on the matter.