Protecting Yourself Online During the Holiday Season: Common Cyber Threats to Beware Of

by Trava, Cyber Risk Management

Stay safe while shopping online this holiday season! Learn how to protect yourself from phishing, malware, and other cyber scams with expert tips in our blog.

There was a time when holiday shopping meant going to the mall or ordering from retailers' catalogs. Thanks to the Internet, we do most of our shopping during the holiday season on our computers, tablets, and mobile phones. The convenience of online shopping enables us to avoid the rowdy crowds. In some cases, you may find better deals and products online. But this convenience comes with cybersecurity threats, and you want to make sure that you protect yourself against scams that threaten your online safety. Here are a few online scams you should know about.

Phishing Attacks

Phishing attacks happen when scammers fraudulently send you fake messages that pretend to be from a legitimate company. These messages come through emails or text messages. The scammers' goal is to obtain money or steal personal information from victims. A phishing attack can also come through malware that the scammers install after the victim clicks on a malicious website. Phishing attacks are also common during the holidays.

One popular holiday phishing attack is the package delivery scam. With this scam, a fraudulent person sends you an email asking you to click on a link in order to get updates on your package or to confirm a fake delivery to your home. The scammer will also create a sense of urgency with this scam. When you click on the link, your computer becomes infected with malware that collects your personal information.

There is also the gift card scam, which is when the scammer sends you a fake email asking you to buy multiple gift cards for family members or coworkers. One way to protect yourself against phishing attacks is to update your software regularly and only shop on reputable websites since scammers create websites and send you emails that impersonate legitimate retailers.

E-commerce Fraud

E-commerce fraud is also prevalent during the holiday season so you want to look out for e-commerce scams when you shop online. According to the Internet Crime Complaint Center's 2021 report on holiday scams, non-payment or non-delivery scams cost people $337 million dollars, and credit card fraud cost people $173 million dollars. When you shop online, beware of retailers who request payment only through payment apps such as Venmo and Paypal. Your chances of receiving your money back from the scammer are low with this method of payment.

Account takeovers are a common type of credit card fraud that online shoppers need to beware of. Scammers gain access to your account through the use of fraudulent websites and emails. Once they obtain your personal information, they take over your account and use it to make purchases online. You can avoid credit card fraud by turning on alerts from your card issuer, and you should also monitor your credit card statements to look for fraudulent purchases. Watch out for social media ads because these ads sometimes lead you to fake e-commerce websites.

Malware Distribution

During the holiday season, scammers will use deceptive practices to install malware on your computer or mobile device. Malware is software that disrupts your computer or destroys it by installing harmful viruses on it. There are different types of malware and they include worms, Trojan horses, ransomware, and spyware. One way scammers distribute malware during the holidays is through bogus online holiday cards that appear to be from someone you know. They also do it through unsolicited emails that promise free gifts or prizes. Finally, scammers can distribute it through malicious holiday-themed apps and screensavers.

Malware infections steal your personal data and it can lead to financial losses. Malware infections can disrupt your computer and lead to downtime that might interfere with any important activity you conduct online such as work, paying bills, or budgeting. Using antivirus software can assist in reducing malware attacks. Avoid public Wi-Fi when conducting important work online and install security apps on your mobile phone. Only download software from trusted websites. Set up strong passwords with a combination of letters, special characters, and numbers. Perform regular scans throughout the year.

Ransomware Threats

Ransomware is a type of malware that limits users from accessing information on their devices. Scammers do this by locking users' screens or locking their files until the user pays a ransom. A lot of ransomware operators require bitcoin as payment but some might require a gift card purchase as the ransom. Keep in mind that paying the ransom is not always a guarantee that the attacks will stop.

Ransomware targets businesses, especially during the holiday season. This is because cybercriminals know that businesses focus on delivering services to customers and it distracts them from taking important measures to protect their websites and computer systems against attacks. Cybercriminals also know that there is increased traffic that puts a strain on businesses during the holiday season, and it puts them at risk for ransomware attacks.

To prevent ransomware attacks, back up your data to an external storage unit or to a cloud storage service such as Dropbox. You can also use email filtering services to prevent potentially malicious emails from coming to your inbox. Update your software regularly and install antivirus software.

The cyber grinches are real this time of year! Let's keep them away...Find insights and best practices to keep you and your loved ones safe this holiday season and beyond ⬇️

DDoS Attacks

A distributed denial-of-service attack, or DDos, is an attempt to interfere with the traffic of certain servers by overwhelming these servers with a flood of web traffic. It's similar to suddenly increasing traffic to a website. A DDoS attack is carried about by networks of machines connected by the Internet. These networks contain devices that were infected by malware and they're controlled by an attacker. These devices are called bots and they overwhelm certain websites with traffic. So why do they occur the most during the holidays? Well, people are often so distracted with selling and buying goods online that they forget to secure their systems from cyber threats.

One way to prevent DDoS attacks is to use a DDoS mitigation service that filters out malicious traffic from your website. You can also increase bandwidth on your website and install a firewall or intrusion protection system to reduce these attacks. Update your software regularly.

Social Engineering Attacks

Social engineering attacks use psychological manipulation to scam people out of their money and personal information. One type of social engineering attack is spear phishing. This is when scammers personalize their fraudulent communications to target certain organizations or people to make them appear legitimate. Pretexting is another example and this is when a scammer poses as your coworker or a loved one to obtain your personal information. Baiting is the practice of luring victims with free downloads or discounted items. These links lead to malware that infects your computer. Even supposedly innocent surveys and quizzes can be a form of social engineering.

Prevent social engineering attacks by verifying requests for personal information. You should also use stronger authentication methods such as two-factor authentication that makes it hard for scammers to access your accounts. Avoid oversharing your information on social media because scammers use your information to create fake emails.

Credential Stuffing

Credential stuffing is the practice of using a large number of stolen usernames and passwords to get unauthorized access to different accounts. Hackers often do this when companies experience data breaches, or they may use automated tools to test out the stolen information on different websites. Because many people use the same usernames and passwords across most of their accounts, it makes it easier for hackers to steal usernames and passwords.

You can prevent credential stuffing by using unique passwords and usernames for all of your accounts. MFA stands for multifactor authentication and it is effective in reducing credential stuffing. With MFA, the user will need to enter additional information other than his username and password.

Gift Card Scams

Gift card scams are common during the holiday season. One type of gift card scam is the stolen gift card code scam. Thieves take gift cards and remove the protective strips that cover the card number before stealing the numbers. After they put replacement strips on them, they check to see if money was loaded on the card then they make purchases with the stolen numbers. When you buy gift cards, check for signs of tampering with the protective strips. Also, be careful when buying discounted gift cards. Some online retailers sell fake, stolen, or already used gift cards so only buy the cards from legitimate sites.

Unsecured Wi-Fi Dangers

Don't use unsecured Wi-Fi when doing online holiday shopping or paying off those after-Christmas debts in the new year. When you use unsecured Wi-Fi in public places, your identity could be stolen. Hackers can gain unauthorized access to devices linked to the network you're using. Once this happens, they can steal your most sensitive data. There is also the risk of your device getting infected with malware. Protect yourself by using only secured Wi-Fi and enabling encryption features.

IoT Device Vulnerabilities

So you're thinking about giving your best friend an Internet of Things device this Christmas. Perhaps she wants wearable technology that tracks her fitness activities during the week. Before you purchase that fitness watch, you need to understand the vulnerabilities associated with IoT devices. These devices can become vulnerable to security threats in various ways. The use of weak passwords on your IoT devices allows the ability of attackers to hack into them. Unauthorized software updates also threaten the device's security. Protect your devices by changing the default password to something that is hard to guess. Disable remote management features on the device. If your device is connected to the cloud, make sure that the cloud's infrastructure is secure too.

Fake Charity Scams

Beware of fake charities that take advantage of your desire to do good this holiday season. They may use bogus phone numbers that resemble legitimate charities' numbers or create fake charities to get money and personal information from you. To protect yourself, do thorough research on the charities and only donate to trusted and reputable ones. You can also check with the National Association of State Charity Officials to see if a charity is registered with your state.

Scams abound online and they especially increase during the holiday season. By using these tips, you can shop and do business online safely.


Get cybersecurity tips, articles, and videos sent straight to your inbox