In 2015, UK Christmas shoppers spent £24 billion shopping online, and as the popularity of online shopping increases, so does the likelihood of falling foul of cyber criminals, not necessarily because they are putting in extra effort during the festive season, but simply because more of us are doing more online shopping at this time of the year.
For cyber criminals, events like Black Friday and Cyber Monday provide a great opportunity to take advantage of consumers looking for a good deal or a gift for someone special, online.
In 2015, £3.3 billion was spent over the Black Friday and Cyber Monday weekend. Over a third of this was spent online, signalling the seismic social shift to shopping online during the busy Christmas season.
However, this opens the door for cybercriminals to prey on data, such as credit card details and passwords.
>See also: The 12 apps of an ‘appy’ Christmas
In their bid for your data, cybercriminals are becoming craftier than ever before.
You may have seen, for example, emails circulating recently claiming to be from Amazon, and asking for information about a recent order.
The email claims that there has been an issue processing an order, and asks the victim to click a link to confirm the account, which then takes them to a fraudulent website that very often is identical to the real thing.
This type of phishing scam dupes unwitting individuals into giving out sensitive information, such as bank details, credit card numbers or personally identifiable information, to cybercrooks.
Those that fall for it are unknowingly allowing cybercriminals to use their credit card details for future fraudulent purchases or to put them up for sale on the Dark Web, along with thousands of other people’s personal data.
However, it’s not just consumers who are at risk in the run up to Christmas – businesses are too.
When a small business, which may lack the resources for a dedicated security or IT team, receives an unknown email with an attachment that reads ‘invoice’ or ‘shipping confirmation’, they may be more inclined to open it – which could open up the company’s network to an attack if it turns out to be malicious.
If a business doesn’t have the proper security measures in place to provide a holistic picture of the organisation’s network, it may be too late once you’ve clicked ‘open’.
During this online shopping season, Sophos has put together some top tips to ensure you’re as safe as you can be – even when the post-Christmas sales begin:
If an online deal is too good to be true, it probably is.
This age-old saying still holds true online. Cyber criminals are using multiple methods to try and scam people out of their money, including phishing, DDoS, and malware, to name a few.
The possibility of a free iPhone, or a cheap TV may seem tempting, but don’t give in – it’s a total scam. With Hatchimals quickly becoming the impossible-to-get toy of the season, it’s becoming increasingly common for scammers to post on social media that they are selling one.
However, very quickly you’ll find after transferring the money, that you won’t hear from them again.
Cyber criminals know the lure of anything that may be discounted or ‘free’ will invite a click or two, which may take you to a phishing page, or an unintentional malware download. Regardless – it’s not worth the risk.
IoT products may make great gifts, but a cyber attack doesn’t
IoT products are set to be some of the hottest Christmas gifts this season – however, these kinds of devices are often vulnerable right out of the box.
The most recent hack on IoT devices demonstrated how connected devices like wearables can be just as vulnerable to attacks as your PC or laptop.
Unfortunately, the true vulnerabilities are in the devices themselves. Industry has rushed into launching these internet-enabled ‘things’ without considering the major security consequences of them.
Make sure you check the security of devices you’re purchasing and be sure to change the default password before using.
Spyware from Santa – make sure you have security software
Cyber criminals have more opportunity to intercept data with spyware during the Christmas period.
Protect against all malware, including spyware, which logs your financial data while you type it into your keyboard, with security software.
Of 1,250 consumers polled in the US, UK, Germany, Switzerland and Austria in a recent Sophos survey, 54% perceive spyware as an extremely large cyber security threat.
>See also: Christmas time, the ICO and data crime
31% of those surveyed consider themselves unprotected, are not familiar with spyware or are unsure if they’re protected. The lesson here is to always make sure there is up-to-date security software running in the background.
Security isn’t only about keeping the bad stuff out. It’s also about keeping the good stuff in.
In the lead up to Christmas, remember one thing – be extra vigilant against cyber crimes. Nobody has malware or a phishing attack on their Christmas list this year, so make sure you don’t get it on yours.
And if you make it through the holiday shopping season unscathed, all of these tips will still be valid in 2017 so remember to keep your security guard up 24/7/365.
Sourced by John Shier, senior security expert at Sophos