Christmas time is once again upon us, and with the excitement of Mr. Claus wriggling down the chimney and the comfort of being at home with the family, there is also caution to be had in our cyber security. This time of year is a playground for cybercriminals to exploit individuals or organisations. Consumers spend billions online each Christmas, resulting in an overflow of emails for order receipts, purchase confirmations, and delivery updates, to name a few. Attackers will take advantage of this situation to send malicious phishing emails.
Here, we outline a few strategies to help protect your organisation’s and your personal cyber security during the Christmas period.
Illegitimate Delivery Emails
As you will most likely be waiting for at least one package to arrive during the Christmas period, it would be unsurprising to receive a delivery notification. Cybercriminals take advantage of this by sending convincing phishing emails with tracking details and the organisation’s logo and information. These emails may ask you to track the package by clicking on a link.
These emails may use urgency tactics like: “more information needed for delivery” or “delivery cancellation, click here for a refund.” Always refer to the legitimate site you ordered from before acting.
How to Avoid Being Scammed by Illegitimate Delivery Emails
- Track orders directly: Use the company website or the official shipping website provided to confirm the content of the email. You will be able to make any amendments using this, therefore there will be no need to click on anything in the email.
- Verify sender: Look at the sender’s email address for anything that doesn’t seem right. Well-known carriers should not be using an email with @hotmail or @gmail, for example; they will be using their company name.
Christmas eCards
eCards have been a popular office tradition for many years now; however, they can be easily exploited. Cybercriminals can exploit these seemingly innocent digital holiday greetings by embedding malware that may compromise personal and business networks.
How to Avoid Being Scammed by an eCard
- Be extra cautious: Verify the legitimacy of the sender before opening the eCard. Look at the email it was sent from and the website it may have been made on.
- Update security software: Make sure the organisation’s antivirus software is up to date; this may detect and block potential threats before they land in your inbox.
Gift Card Questionnaire Scams
Scammers may send out mass emails to invite participants to fill in a questionnaire in order to receive a gift card after completion. However, the real objective is to gather your personal or your organisation’s information. No gift card!
Legitimate questionnaires are usually anonymous for statistical purposes and therefore would not ask for your personal information. Anything that asks for more than your name or age should be treated as suspicious.
How to Avoid Being Scammed by a Gift Card Questionnaire
- Verify legitimacy: Check with the supposed sender if the questionnaire is legitimate; they may even have the promotion on their website.
- Check URLs: To check this, you can hover over the link to see a preview of the URL. Look for anything suspicious. If it doesn’t seem right, do not click it.
Charity Donation Scams
It is the time of year for giving, and cybercriminals will exploit your generosity by creating fake charity websites or sending phishing emails that look like they are from real, well-known charities. As a result, you or the organisation may unknowingly make a donation that goes straight to the scammers or give over sensitive personal information.
How to Avoid Being Scammed by a Fake Charity
- Verify the charity: Before making a donation, check the legitimacy of the charity, or go straight to the charity website rather than through an email.
- Use a secure payment method: When making an online donation, always use a secure payment method to protect your information.
In Conclusion
These steps are essential when protecting yourself and the organisation from cybercriminals; however, there is always room for human error in being vigilant online. Employee training is a key factor in keeping your organisation safe. The months of October and November are a good time of year to have an update on cyber security training for you and your employees. This will serve as a reminder to stay vigilant online during the busy festive period.
Take care this festive period and follow these steps for a worry free Christmas.
Happy Holidays!