The holidays are a time when many of us get chance to work at least a little less, but for cyber criminals it’s a time when they work even harder. We see many scams over the festive holidays and, as we may be gaming more and buying devices, it's a good time to refresh on some cyber security best practices.
Our top five cyber security tips for the holidays:
1. Watch out for social engineering
The festive season is a perfect time for cyber criminals to carry out social engineering attacks because we’re often busy, receiving lots of messages and more susceptible to their psychological tricks. When cyber criminals socially engineer us, they often use psychological cues to cloud our judgement, for example using urgency, authority, flattery and fear to trick us into clicking malicious links, downloading dodgy attachments or giving away information or money.
One common social engineering scam this time of year is fake delivery messages. Over the pandemic, we have been shopping online more than ever. With the holidays fast approaching, many people receive more packages than usual and we don’t necessarily keep track of what is coming from where, or even know what parcels to expect. Cyber criminals exploit this with delivery scams, in which they send phishing emails and messages that pretend to come from delivery companies saying you have missed a delivery or you’re due one.
Remember that if a message is unexpected, makes you feel something and asks you to do something – take a minute to check it out. Check with the supposed sender to make sure it really did come from them, or go straight to the source (like the company's website) to make sure the communication is legitimate.
2. Be scam savvy
At this time of year we see many gift card scams being shared on social media and platforms like WhatsApp. Cyber criminals posing as well-known retailers trick people into sharing their personal and financial data with the promise of a chance to win a gift card. Messages use the branding of trusted retailers, and little psychological tricks including a sense of urgency, fear of missing out and friendly emoji to lure us in.
In all of these scams, the criminals are trying to get you to click the link and share your personal information with them or even to infect your devices with malware. So, avoid clicking links in unexpected messages and don’t share your personal or financial data - instead you directly to the source, for example the website of the retailer that the message appears to come from.
3. Game safely
Many people relax during the festive season by playing video games, or give and receive gaming consoles as gifts. Just like anything connected to the internet, it's important to remember that cyber criminals follow the numbers: the more we use a platform or console the more they will look to exploit it. Avoid using personal information in usernames and passwords, enable two-factor authentication if you can and review your privacy settings (rules which are good for online gaming - and any online account or service that you use!). Read our blog post on security for gamers for more top tips.
4. Shop securely
With many of us shopping online more than ever, it's important to remain aware of the ways we can maintain peace of mind that we're practicing good security behaviours. Our first piece of advice here is to use trusted websites, as cyber criminals do set up scam sites to lure us out of money, as FC covered in this episode of the BBC's Fake Britain.
Buying with credit cards, rather than debit cards, offers much greater protection against fraud. With a credit card, you generally are not liable for unauthorised payments as long as you identify and report the transaction quickly. With that in mind, our final piece of advice when it comes to shopping securely is to make sure that you regularly check your bank statements so you can spot any unexpected charges.
5. Don't get bugs with your gifts!
Gadgets and devices are popular gifts at this time of year, and common purchases in seasonal sales. Many of these are Internet of Things devices (IoT), connected to the internet. Common issues with IoT is that these devices can collect a lot of information about us, and potentially leak it, and they often are made on a low budget with manufacturers failing to build in security features, such as the ability to update the device. They also often use default passwords and default passwords can be easy for cyber criminals to either get hold of or to crack.
When it comes to IoT devices, check when you purchase them that they can be updated (and enable automatic updates if you can). Change default passwords, as these are easily guessable by cyber criminals, and set up two-factor authentication if possible. For more advice on securing IoT, read our guidance here.
For more information on how to stay safe online, visit our guidance page.
And, remember that we support organisations around the world with their security culture and awareness campaigns, helping to shape and spread messages just like the ones above. If you'd like to find out how we can help you raise cyber security awareness and positively influence behaviours in your organisation, get in touch.
Please also feel free to share this blogpost in your organisation - or with family and friends - if you want to help them stay cyber-savvy this holiday 💜
