NEW YORK — For millions of Americans, Christmas and the new year is a time to relax alongside friends and family and enjoy a break from the stresses of work. Yet it can also be one of the most lucrative times of the year for cyber criminals, as they benefit from people letting their guard down online.
This month marks the 35th anniversary of the Christmas Tree Worm, a piece of harmful code disguised within a festive graphic that left a trail of destruction as it was shared among networks. It was the first example of viral malware and showed how festive cybercrime can flourish.
Today’s worms have turned far more high-tech. Holiday season hackers now use more sophisticated methods to lure their victims — from Christmas phishing emails and spoofed websites to bogus charities — so it’s important to know what to look out for.
Marijus Briedis, cybersecurity expert at NordVPN, has some tips to protect yourself from the scammers over Christmas and the new year.
- BE CAREFUL WHERE YOU CLICK: Whether it’s the lure of last-minute presents or seasonal sales, online shoppers will be out in force this Christmas. In your hurry to bag a bargain make sure you check your cybersecurity to stay ahead of the hackers.
Avoid the temptation to click on pop-up ads or links to websites that you cannot verify. Use a search engine to find the retailer you want and activate antivirus software like NordVPN’s Threat Protection to check for any malicious sites. In the case of well-known retailers it pays to be wary of “typosquatters” who may have set up fake sites under similar names to try to trap unsuspecting visitors.
- ROGUE DELIVERY: The traditional surge in parcels over December creates a perfect storm for delivery scams to thrive. Typically, would-be victims will either be sent an email or text giving them an order number and tracking link for an outstanding package or missed delivery. Once you have clicked, a hacker knows your contact details and may use this to supplement the scam, for example, by asking for a delivery charge.
If you have received a message with a tracking link, do not click on it and cross-check any code with the delivery company’s website.
- BE STORE SURE: Many people will want to use independent retailers to find the perfect seasonal gift or treat themselves when the sales start. Yet resourceful hackers are capable of creating near replicas of existing e-stores by harvesting details — including product images — from the sellers’ genuine listings on marketplaces like Etsy. These fake stores can then be widely promoted on social media and sites like Amazon marketplace.
While spotting these scams is very tricky it’s worth checking out any unfamiliar shopping site or listing with a fine tooth comb. Have a look at the language used and read product reviews carefully to see if they sound genuine. Also check the “about us” section of the site and search the exact wording used — multiple listings for the exact same phrases could suggest it is a scam offer.
- UNBOXED AND UNPROTECTED: Internet-of-things (IoT) devices such as smart watches, voice assistants and health trackers are among the most popular Christmas presents. Yet research by NordVPN showed that more than one in four Americans (27.1%) took no action to protect their home internet, wi-fi or smart devices1.
Before you take your new gadget for a spin online it’s worth ensuring you take a few minutes to make it more secure. This can include changing the default password that came with your smart device and adding an antivirus or VPN to your router to safeguard IoT gadgets on your network.
- A GIFT(CARD) FOR SCAMMERS: When it comes to picking a present for a hard-to- buy-for relative, online vouchers and e-gift cards are a popular choice. It therefore might not be a surprise to receive a retailer voucher by email around Christmas, something hackers know only too well.
As well as links to fake vouchers that could contain malware, fraudsters may often trick people into buying genuine coupons and revealing their unique card numbers by posing as family members. To steer clear of these scams, be sure to verify any voucher offer on email with the relevant retailer’s website and always speak to loved ones on the phone before making transactions you believe they have requested.
- CHARITY CHEATS: Perhaps the most cynical seasonal fraud involves fraudulent charities set up online at Christmas to take advantage of Americans’ generosity and goodwill. These fake charities, from bogus veteran appeals to cancer funds can seem very convincing but there are usually tell-tale signs that show they’re not on the level.
If you receive an online appeal, a sensible first step is to look up the charity responsible using the Federal Trade Commission web resources to see if it’s legitimate. Be particularly wary of any charity that asks you to donate via wire transfer or with cash, gift cards or cryptocurrencies, instead of a check or credit card. Also, watch out for emails from an organization encouraging you to download an attachment or click on weblinks as these could be a phishing attempt.