‘Tis the season for cyberattacks: How to outsmart and protect yourself from online scrooge

Aamir Lakhani, Global Security Strategist and Researcher at FortiGuard Labs, outlines how to stay one step ahead of the cybercriminals during the holiday season.

In the festive flurry of holiday shopping, cybercriminals are pulling out all the stops, adorning the ‘digital halls’ with cunning scams aimed at catching even the savviest consumers off guard.

With the potential for a particularly profitable season for these mischievous actors, it’s crucial to stay one step ahead. A dash of vigilance can go a long way in safeguarding yourself from cybercrime. Uncover emerging threat trends, anticipate the revival of classic holiday-season attack tactics, and arm yourself with simple tips to keep your data merry and secure throughout the season.

A not-so-special delivery: New shipping scams emerge

While holiday shoppers have always prioritized competitive prices and seasonal promotions, many younger consumers expect their products to be delivered or available for pickup either the same or the next day. Gen Z consumers – born between 1996 and 2010 – also indicate they’re willing to pay more for same-day deliveries.

Cybercriminals are taking note and introducing new scams to capitalise on shoppers’ preferences for faster delivery times. Most of these scam attempts come in the form of phishing via text messages. These communications often inform the recipient of a shipping delay or an impending delivery, asking the recipient to click on a link to confirm their name, shipping address and other personal details.

Once the malicious link is clicked, bad actors can capture a user’s sensitive information or even use that link click to read the cache on a mobile device and access a broader set of data, such as the usernames and passwords for the apps and websites you frequent. The Federal Communications Commission offers additional guidance on ways to spot and avoid these package delivery scams.

More travel-related hacks are likely to arrive soon

As travel intent increases among consumers – 48% of Americans say they plan to travel in the coming months – airports and hotels are preparing for a hectic holiday season. Unfortunately for travelers, though, cybercriminals are taking notice of this renewed interest and planning accordingly.

In recent months, we’ve observed an increase in bad actors registering fake domains designed to look like airline customer service or travel agency websites. While the sites tend to appear strikingly similar to legitimate sites, cybercriminals are posting bogus phone numbers on them. When the scammers posing as agents receive a call from a customer, they’ll book and charge individuals for nonexistent flights or use the caller’s personal information for nefarious purposes.

Be on the lookout for non-digital, travel-related scams this holiday season as well. One of the most common scams includes the ‘fake taxi’ trick, where unofficial taxis charge travelers incredibly high prices. Sometimes people who look like airport officials with realistic badges will even direct people to illegitimate taxi services.

In addition to fake taxi scams, watch for broken taxi meters or drivers taking inefficient routes. Beyond taxi scams, look out for rental car agencies charging for damage that already existed and then demanding exorbitant charges for the supposed damage. To protect yourself, capture a quick video of the car you’re borrowing before leaving the rental car lot and ensure the rental agency sees you doing that. In some cases, rental cars will have the damaged areas covered so they look fine at first glance, but those areas will quickly reveal themselves after you drive the vehicle.

Other common holiday-season scams include organised crime recruiting children to beg for money, bogus ATMs, Wi-Fi hotspots designed for attacks, and many others.

Classic holiday cybercrime schemes to watch for

Cybercriminals will continue their holiday traditions this year, serving up a variety of scams to manipulate unsuspecting shoppers. And as consumers once again prioritise better prices and promotions as they shop this season, it’s not surprising that bad actors are re-introducing some of their go-to tactics to take advantage of these motivations.

  • Fake websites: Fake shopping websites emerge each year during the holiday season, designed to lure consumers with low prices and irresistible deals into purchasing products that don’t exist. Cybercriminals also use typosquatting – a cyberattack that relies on users mistyping URLs – to spin up bogus sites and fool shoppers. Before making an online purchase, especially one from a site you haven’t shopped at before, do some research to ensure the company is legitimate.
  • Web-based malware: Cybercriminals often place phony ads or links on trusted websites – usually showcasing free or discounted items for sale – designed to lure shoppers away from the secure site they’re browsing. Not surprisingly, the volume of web-based malware we observe around the holidays is generally higher than usual.
  • Social media scams: Cybercriminals frequently do the same on social media, serving ads that promote non-existent or counterfeit items. Others may offer vouchers, gift cards, free products and contests to entice users to click links that contain malware.

5 tips for protecting yourself this holiday season

Despite cybercriminals’ best attempts to take advantage of the holiday shopping rush, there are plenty of easy ways to protect yourself and your data during this busy time of year:

  • Patch and update: Make sure your devices, software, browsers, and applications are all patched and are running the latest versions.
  • Pay attention to the websites you browse: Cybercriminals regularly spoof popular shopping sites, so it’s crucial to do some detective work before hitting ‘add to cart’. Look at the site design. Are there numerous pop-up ads or broken links? Is the copy grammatically correct? This sleuthing can help you quickly determine whether the site you’ve landed on is legitimate.
  • Update passwords to avoid duplication: For every account, make sure you’re using unique usernames and passwords. Use a password manager to keep track of login credentials for different accounts.
  • Use a credit card instead of a debit card when shopping online: Many credit cards offer fraud protection and can be turned off easily without freezing other assets. And make sure you opt in to receive alerts from your credit card provider about suspicious activity associated with your account.
  • Remember that if something seems too good to be true, it probably is: While it’s possible to find standout deals for goods and services online, the combination of unusually low prices and high availability of popular items is generally a red flag.

As shoppers make their lists and check them twice, remember that cybercriminals are doing the same. Being aware of common attack tactics and knowing how to spot them in the wild can help you guard against scams this season.
