As the holiday season approaches, so does the heightened risk of cybercrime. With an increasing number of people turning to online shopping and digital transactions, cybercriminals are lurking in the shadows, ready to exploit vulnerabilities and steal personal information. In this digital age, it is crucial for individuals and businesses alike to be aware of the pervasive threats that exist in the virtual realm and take proactive measures to safeguard their security.
From phishing scams to ransomware attacks, the landscape of cybercrime continues to evolve, presenting new challenges for cybersecurity professionals and everyday internet users. The stakes are higher than ever as sensitive data and financial assets are at constant risk of being compromised. In this article, we will explore the prevalent threats in today’s digital environment and provide practical strategies for identifying these threats and fortifying your defenses against them. Whether you’re a seasoned IT professional or simply someone who wants to ensure their online safety during this festive season, understanding the nature of cybercrime is essential for protecting yourself and your assets in an increasingly interconnected world.
Cybercriminals are busy decking the (digital) halls with clever scams designed to deceive even the most cyber-aware consumers as the holiday shopping season gets underway. And it’s easy to see why this has the potential to be a particularly lucrative season for bad actors: The National Retail Federation predicts that 2023 holiday spending will reach new highs, returning to pre-pandemic levels.
However, a little vigilance goes a long way when it comes to protecting yourself from cybercrime. Below are some emerging threat trends to watch out for, a few classic holiday-season attack tactics we expect will resurface, and simple tips for keeping your data safe this season.
A Not-so-Special Delivery: New Shipping Scams Emerge.
While holiday shoppers have always prioritized competitive prices and seasonal promotions, many younger consumers expect their products to be delivered or available for pickup either the same or the next day. Gen Z consumers—born between 1996 and 2010—also indicate they’re willing to pay more for same-day deliveries.
Cybercriminals are taking note and introducing new scams to capitalize on shoppers’ preferences for faster delivery times. Most of these scam attempts come in the form of phishing via text messages. These communications often inform the recipient of a shipping delay or an impending delivery, asking the recipient to click on a link to confirm their name, shipping address, and other personal details. Once the malicious link is clicked, bad actors can capture a user’s sensitive information or even use that link click to read the cache on a mobile device and access a broader set of data, such as the usernames and passwords for the apps and websites you frequent. The Federal Communications Commission offers additional guidance on ways to spot and avoid these package delivery scams.
More Travel-Related Hacks Are Likely to Arrive Soon
As travel intent increases among consumers—48% of Americans say they plan to travel in the coming months—airports and hotels are preparing for a hectic holiday season. Unfortunately for travelers, though, cybercriminals are taking notice of this renewed interest and planning accordingly.
In recent months, we’ve observed an increase in bad actors registering fake domains designed to look like airline customer service or travel agency websites. While the sites tend to appear strikingly similar to legitimate sites, cybercriminals are posting bogus phone numbers on them. When the scammers posing as agents receive a call from a customer, they’ll book and charge individuals for nonexistent flights or use the caller’s personal information for nefarious purposes.
Be on the lookout for non-digital, travel-related scams this holiday season as well. One of the most common scams includes the “fake taxi” trick, where unofficial taxis charge travelers incredibly high prices. Sometimes people who look like airport officials with realistic badges will even direct people to illegitimate taxi services.
In addition to fake taxi scams, watch for broken taxi meters or drivers taking inefficient routes. Beyond taxi scams, look out for rental car agencies charging for damage that already existed and then demanding exuberant charges for the supposed damage. To protect yourself, capture a quick video of the car you’re borrowing before leaving the rental car lot and ensure the rental agency sees you doing that. In some cases, rental cars will have the damaged areas covered so they look fine at first glance, but those areas will quickly reveal themselves after you drive the vehicle.
Other common holiday-season scams include organized crime recruiting children to beg for money, bogus ATMs, Wi-Fi hotspots designed for attacks, and many others.
Classic Holiday Cybercrime Schemes to Watch For.
Cybercriminals will continue their holiday traditions this year, serving up a variety of scams to manipulate unsuspecting shoppers. And as consumers once again prioritize better prices and promotions as they shop this season, it’s not surprising that bad actors are re-introducing some of their go-to tactics to take advantage of these motivations.
- Fake websites: Fake shopping websites emerge each year during the holiday season, designed to lure consumers with low prices and irresistible deals into purchasing products that don’t exist. Cybercriminals also use typosquatting—a cyberattack that relies on users mistyping URLs—to spin up bogus sites and fool shoppers. Before making an online purchase, especially one from a site you haven’t shopped at before, do some research to ensure the company is legitimate.
- Web-based malware: Cybercriminals often place phony ads or links on trusted websites—usually showcasing free or discounted items for sale—designed to lure shoppers away from the secure site they’re browsing. Not surprisingly, the volume of web-based malware we observe around the holidays is generally higher than usual.
- Social media scams: Cybercriminals frequently do the same on social media, serving ads that promote nonexistent or counterfeit items. Others may offer vouchers, gift cards, free products, and contests to entice users to click links that contain malware.
5 Tips for Protecting Yourself This Holiday Season.
Despite cybercriminals’ best attempts to take advantage of the holiday shopping rush, there are plenty of easy ways to protect yourself and your data during this busy time of year:
- Patch and update: Make sure your devices, software, browsers, and applications are all patched and are running the latest versions.
- Pay attention to the websites you browse: Cybercriminals regularly spoof popular shopping sites, so it’s crucial to do some detective work before hitting “add to cart.” Look at the site design. Are there numerous pop-up ads or broken links? Is the copy grammatically correct? This sleuthing can help you quickly determine whether the site you’ve landed on is legitimate.
- Update passwords to avoid duplication: For every account, make sure you’re using unique usernames and passwords. Use a password manager to keep track of login credentials for different accounts.
- Use a credit card instead of a debit card when shopping online: Many credit cards offer fraud protection and can be turned off easily without freezing other assets. And make sure you opt-in to receive alerts from your credit card provider about suspicious activity associated with your account.
- Remember that if something seems too good to be true, it probably is: While it’s possible to find standout deals for goods and services online, the combination of unusually low prices and high availability of popular items is generally a red flag.
As shoppers make their lists and check them twice, remember that cybercriminals are doing the same. Being aware of common attack tactics and knowing how to spot them in the wild can help you guard against scams this season.
