12 security defence precautions over the festive season

12 security defence precautions over the festive season

For many, Christmas is the most wonderful time of the year – but find oneself a victim of an online attack and the season may turn sour. With spirits and Internet usage at an all-time high there’s no better time to lure a victim online – but don’t worry; ESET’s gift to its users this Christmas is the gift of knowledge, as we share defences against these 12 threats.

1. Phishing

It may be the season of goodwill, but that’s certainly not the case when it comes to cyber criminals. Phishing attacks usually occur via email and see users receive an authentic-looking email from a bank or organisation luring them to enter their personal details on a similarly authentic-looking website.

2. Adware

You may have noticed that after you search for an item online, it starts to pop up on other websites you visit. This is known as adware, and is customised for users and may be monitored by spyware.

While one may think these adverts are there to remind users to complete their Christmas shopping, the innocence of the pop-up is questionable.

3. Mobile malware

If there’s one piece of technology that gets a lot of usage of the festive period, it’s the mobile phone. Unfortunately, it’s no safer than desktops or tablets thanks to the rise in mobile malware.

As Lukáš Stefanko, malware researcher at ESET, recently said: “Mobile malware is a huge problem. [Because] users have more personal and sensitive information on their smart devices, including text messages, contacts, photos, emails etc, [they are increasingly under threat].”

4. Smishing

Most of us are aware of phishing attempts over email, but what about phishing attempts over SMS?

Typically, one will receive an SMS apparently from a trusted source – like Apple or a friend – advising users to click on a link and enter personal details. However, that SMS is forged and not from that trusted source at all.

5. Identity theft

Busy sharing all of festive plans and holiday travel online? Think before it is posted.

Simple details about one’s lifestyle can allow a cybercriminal to gather personal information and even trick users into giving out more. Social media websites are a gold mine of information for identity thieves.

6. Spyware

He sees you when you’re sleeping, he knows when you’re awake … It’s not Santa Claus we’re talking about, it’s the cyber criminals behind spyware – secretly installed malware often installed after a file is downloaded or pop-up is clicked.

Spyware can monitor users’ keystrokes, read files, access applications and more – transmitting all the information back to the person that controls the spyware.

7. Spam

If shoppers been busy ordering all their Christmas gifts online, they may find themselves receiving even more unwanted emails than usual.

Most of us receive spam, and although it’s not always something to worry about, it can be used to send malware.

8. Pharming 

Like phishing, pharming is a type of online fraud, but doesn’t require user to click on a bogus link sent via email. Instead, a user is redirected to a malicious site – despite having typed the correct web address.

This year, up to 40,000 Tesco Bank users became victim to pharming attacks and 20,000 had their money stolen.

9. Ransomware

With the rocketing costs of Christmas, ransomware is one type of malware one won’t want to be faced with this December.

It’s a type of malware where cyber criminals encrypt a device/information, demanding victims pay to have their devices/information returned to them.

10. Wi-Fi eavesdropping

Doing a spot of festive shopping at a local coffee shop? Remember that not all internet connections are secured – which is to say encrypted – and that someone may be listening in and collecting your information.

When transmitting payment details across unsecured networks, they can end up in the wrong hands.

11. DDoS attacks

A Distributed Denial of Service (DDoS) attack can take the fun out of things like online shopping and gaming as it makes a service unavailable after flooding it with traffic from multiple sources.

DDoS attacks have been cited as stealing Christmas for many – especially in 2014, after knocking PlayStation Networking and Xbox Live offline.

12. Password security

The importance of a secure password has never been greater. Cyber criminals crack passwords for so many reasons – whether it’s to gather personal information about user or to commit fraud.

If users receive a new device this Christmas, make sure to replace the default password with one that’s more complex.

While there are plenty of threats to be aware of, sensible online behaviour and a cautious attitude will help ensure all that the yuletide celebrations run as planned.

Browse our latest issue

Intelligent CISO

View Magazine Archive