Festive Cybercrime: How To Stay Safe In The Holiday Season

The holidays are just behind us, and just as most of us are excited about post-New Year shopping and presents, so are Internet scammers. Social engineering techniques are being updated and adjusted with creative and tricky twists, enabling “Grinches” to execute their evil plans and steal the joy of the holidays once again. Below are some of the most popular holiday scams of this year.

CEO Scam. This is a type of spear phishing scam in which cybercriminals make their way into the account of an executive of a large organization and send requests to their victims from that executive’s email. Before sending their requests, scammers conduct thorough research and make those emails look and sound very trustworthy and believable, which makes it difficult for anyone to recognize the attack. Usually hackers ask their victims to disclose personal information (for example, payroll history for the past few months) or to transfer funds. This season they added a holiday twist, asking employees to buy gift cards and forward them back to the executive’s email, as in the case of a Vancouver government agency.

How to stay safe?

  1. Implement strict policies for any financial transaction, requiring either a written request approved by more than one person or in-person verification of such requests

  2. Educate your employees and executives about potential scams and how to avoid them. Keep your passwords updated and make them complicated, making it harder for cybercriminals to hack their way into company accounts

  3. Avoid connecting to public Wi-Fi in coffee shops or while travelling, as those networks are usually not secure and would allow hackers to access your accounts

Fake delivery attempt. This is a variation of a phishing scam in which an attacker sends out an email impersonating a delivery company (such as FedEx, UPS, Canada Post, you name it), informing the victim that their package has been shipped or delayed and prompting them to click on a link to track the shipment. Needless to say, the link doesn’t lead to any tracking website; instead, it leads to a malicious website loaded with malware. As many of us have bought presents online or are expecting to receive gifts from friends, we would not think twice before opening such an email and clicking on a link, and cybercriminals know that.

How to stay safe?

  1. Carefully examine each email you receive, verifying that the sender is exactly who they say they are

  2. Don’t open attachments or click on the links from emails you did not expect to receive

  3. Track your shipments directly through the website of a delivery company you are using, not through the links in the emails someone might send you

Holiday deals. At the peak of the holiday shopping season, the Internet is full of unbelievable holiday deal offers and fake shopping apps that promise incredible discounts and promotions. Let’s face it: it is not profitable for any company to provide unreasonable discounts during the hottest shopping month (and ironically one of the coldest months of the year) of December. Ads and websites that promise to shave 90% off the original price, or apps that would magically allow you to buy an iPhone 11 for $100, are nothing but a scam. Clicking on those links and downloading those apps will leave you with a device full of malware instead of the promised goodies.

How to stay safe?

  1. Beware of offers that seem too good to be true. Do not follow the links that offer unreasonable discounts or unbelievable promotions

  2. Shop only at the online stores you trust and avoid those that you’ve never heard of

  3. If you decide to follow a link to a shopping website, verify that the link leads exactly where it says it does by hovering over it with your cursor

  4. Verify the legitimacy of a deal or a discount by navigating directly to the company’s website instead of clicking on the advertisement

Greeting cards. Many organizations are sending out holiday greetings to their valued clients, partners and vendors, which makes greeting cards a very convenient disguise for malicious links and attachments. Hackers will try to impersonate large companies, such as Amazon or Apple, and send out emails that look like holiday greeting cards. In some cases, they would prompt victims to click on a link to see the video “crafted specifically for you” or download an attachment that looks like a greeting card. Just like in all previous scenarios, such links and attachments can be very dangerous and should not be clicked on.

How to stay safe?

  1. Do not open attachments or click on links of greeting cards you did not expect to receive

  2. If you receive one from a friend and it looks suspicious, contact that person via a phone call or a text and confirm that they sent the email

These examples are only the tip of the scamming iceberg. Reach out to us to find out how to stay vigilant not just during winter festivities, but throughout the whole year.


© 2017-2020 by Wembley Partners Ltd.
