Digital security during the Christmas season
Fortinet Weihnachten, Cybersecurity, Tipps
This Christmas season, ticking off the gift list will be will look a little different than in years past. Given the increase in digital Given the increase in digital activity predicted for the holidays, cybercriminals will also be Cybercriminals will be making their lists and checking them twice this year. It's a particularly risky time of year as shoppers of all ages. (including those who are less experienced at spotting digital threats) flock to search engines and online ) are flocking to search engines and online channels to place orders before the end of the before the end of the delivery period. Opportunistic hackers know exactly how to set tempting, seasonal bait - and even some of the simplest scams even some of the simplest scams can fool savvy online shoppers. be fooled.
Below are some of the most common
cyber threats you should prepare for during the holidays -
along with some particular outliers we expect to see this season.
Online holiday gift card scam
During the holiday season, when gift card purchases skyrocket skyrocket, thieves are on the lookout for easy ways to gain an advantage. Gift cards are a popular gateway for cybercriminals and fraudsters, as stealing the money loaded on them is loaded on it is like stealing cash: Once the money is Once the money is gone, there is virtually no way for the victim to get it back (unlike credit card transactions). Unlike credit card transactions, where chargebacks are possible).
Some even go so far as to manipulate gift cards sold in shops by gift cards sold in stores by scratching off the protective layer to enter the PIN numbers, and then "replacing" the layer with a sticker to make them "replace" the layer with a sticker to make it look like new. The fraudsters insert these PINs into software that sends an alert as soon as someone has purchased and activated their gift card is purchased and activated, and then deduct the entire balance. off. Cybercriminals may also try to scam by email. If you ever received a strange email asking you to send money to a friend or family member in to help a friend or family member in an emergency situation, and the email has that email tricked you into giving a gift card as payment, then that email was most certainly a scam.
Another common scam associated with gift cards is the account takeover (ATO) attack. These attacks tend to usually around the holidays. A cybercriminal first uses the tactic of of credential stuffing or password spraying. "password spying" to obtain the credentials for a particular e-commerce login details for a particular e-commerce platform. Then use this information to make purchases with the obtained account data, often often buying high-value electronic gift cards in bulk and then spending them immediately. in large quantities and then spend them immediately to avoid detection. The best way to avoid becoming a target for gift card gift card scammers is to be vigilant and follow these four proven best practices:
- Set a secure password
Make sure you don't use the same password for every online account on two platforms. Use use a password management app to keep track of your different accounts. accounts. Don't forget to use random, non-duplicate user IDs as well if the website allows it. Unique user names with unique passwords are better than just unique passwords.
- Monitor your accounts
regularly update your login details and monitor your payment accounts for signs of unusual activity.
- Check gift cards
If you buy gift cards in shops, visually inspect them before loading the visually inspect them for signs of tampering before loading the balance, and stick to merchants who keep their gift cards behind a checkout counter. behind a cashier's counter.
- Never make purchases by email
Never agree to pay for online purchases with gift cards if you are asked to do so by email - in these cases, the item you want to In these cases, the item you are trying to "buy" probably does not exist. Stay Instead, stick with merchants you know and trust, and make sure that the make sure the website's checkout system is secure. Credit cards are the best method of payment, as most offer a degree of protection against fraud. Remember that apps for peer-to-peer transactions such as Paypal (for friends without payment protection), Venmo and CashApp should only be used when transactions are between people you know and trust. you know and trust.
Video conferencing phishing scams
For families who are unable to travel to celebrate together, virtual celebration is the next best option. However, it is important, however, to be wary of certain social interaction-based based scams that continue to target those who let their guard down. who let their guard down.
As we rely more and more on video conferencing as a means of social interaction, cybercriminals will continue to conduct Phishing campaigns that exploit these video-based platforms. These phishing attempts involve sending emails with fake links, asking the user to download a new version of their video conferencing software. download. The link leads to a third-party website where the user can download an installer. where the user can download an installation programme. In some cases the programme actually installs the video conferencing software - but whether or not it does so, it also downloads a remote Trojan malware programme to remotely access the host. This programme gives the fraudsters access to the confidential data and information information that is either sold on the black market or used for identity theft. identity theft.
Other phishing attempts target external employees, waiting to receive email invitations with links to video calls. received. In these cases, the fraudsters send links that take the user to a fake login page (which looks very similar to the real one) to steal login details. steal credentials. If they are successful, the attackers try to, attempt to use these credentials to gain access to corporate accounts and networks. networks.
To avoid videoconferencing fraud, you should always follow the
Follow cybersecurity best practices: Verify the
email address of the sender before clicking on links in emails or downloading
download attachments, even if they appear to be from a trusted source.
appear to come from a trusted source. In most cases, phishing e-mails are sent from addresses
that do not contain the legitimate web address of the company. Clarify
employees, family members and friends about what to avoid and keep your
and keep your devices updated with the latest security software.
up to date.
Phishing, smishing, vishing: threats are not limited to the desktop limited
Phishing attempts targeting video conferencing are
just the tip of the iceberg this holiday season. Unfortunately, other forms
of phishing are still on the rise, including those that target your
phone or mobile devices. The phone version of phishing is
sometimes referred to as "vishing", and text message scams are called
"Smishing" - a reference to text messaging.
Mobile phishing attempts are particularly common among
e-commerce shoppers. More users than ever before are using their
smartphones to make purchases. Although these devices may seem less susceptible
to threats, this is not the case. Online shoppers can
online shoppers may receive fraudulent text messages that appear to be
from merchants they know. These messages usually contain
a link that, when clicked, redirects to a fraudulent website that looks like the legitimate one.
website that looks like the retailer's legitimate website but is designed to
Aims to spy on your personal information (PII). Malicious apps,
especially for Android devices, can also be used to siphon off financial data and
Vishing and smishing
In vishing, cybercriminals use phone calls to obtain personal information. personal data. They use social engineering tactics (e.g. an urgent message about a recent order) to get you to provide order) to trick you into revealing information such as login or bank account details. or bank account details. Paradoxically, vishers often exploit our innate fear of cyber fraud and attacks to carry out these attacks. carry out these attacks. For example, a voice message may read, "URGENT: Your bank account has been suspended due to suspicious activity. Please call us immediately to restore access. When the victim then call back, they will be asked to provide confidential information, which will then be stolen and used maliciously.
Avoid vishing and smishing by making sure you making sure that the phone number you receive a call or text from actually belongs to the organisation claiming to have received the call or text message. organisation claiming to have sent the call or text message - before providing any any information. Remember that banks and government agencies almost never contact customers or individuals to disclose sensitive information. sensitive information. Therefore, it is best to call your bank directly and inquire about the message you received. They will be able to tell you whether the message was genuine or not, and they will report the incident to the appropriate authorities if it turns out to be a fraud.
A new method that we are increasingly seeing is the
adding a QR code to popular products and creating banners or marketing material
or marketing materials to be displayed in shops. When a victim
sees a product they like and sees a sign saying they can get the
product faster or at a lower price, they will most likely scan the QR code.
most likely scan the QR code. However, this will take them to a
scam website or an attempt is made to download malware.
Final thoughts on digital security
With the right digital security precautions in place, it is still possible to enjoy your favourite traditions safely. Thanks to digital platforms, we can connect with family and friends from the comfort and safety and friends from the comfort and safety of our own homes - and tick off our gift lists without having to foot in crowded shopping malls. It just requires a new level of Vigilance that can become the new normal itself.
Stay safe online this season by remaining vigilant: Never blindly trust an email, text message or a phone call, especially if they come from unknown numbers or sources. Use common sense to keep an eye out for Signs of phishing. Update your login details regularly. And of course, share this information with anyone you think might you think might benefit from it. After all, education is the best weapon in the fight against cybercrime.