For millions of Brits, Christmas and the new year is a time to relax alongside friends and family and enjoy a break from the stresses of work. Yet it can also be one of the most lucrative times of the year for cyber criminals, as they benefit from people letting their guard down online.
This month marks the 35th anniversary of the Christmas Tree Worm, a piece of harmful code disguised within a festive graphic that left a trail of destruction as it was shared among networks. It was the first example of viral malware and showed how festive cybercrime can flourish.
Today’s worms have turned far more high-tech. Holiday season hackers now use more sophisticated methods to lure their victims — from Christmas phishing emails and spoofed websites to bogus giveaways — so it’s important to know what to look out for.
Marijus Briedis, cybersecurity expert at NordVPN, has some tips to protect yourself from the scammers over Christmas and the new year.
1. BE CAREFUL WHERE YOU CLICK: Whether it’s the lure of last-minute presents or seasonal sales, online shoppers will be out in force this Christmas. In your hurry to bag a bargain make sure you check your cybersecurity to stay ahead of the hackers.
Avoid the temptation to click on pop-up ads or links to websites that you cannot verify. Use a search engine to find the retailer you want and activate antivirus software like NordVPN’s Threat Protection to check for any malicious sites. In the case of well-known retailers it pays to be wary of “typosquatters” who may have set up fake sites under similar names to try to trap unsuspecting visitors.
2. ROGUE DELIVERY: The Royal Mail strikes and the traditional surge in parcels over December have created a perfect storm for delivery scams to thrive. Typically, would-be victims will either be sent an email or text giving them an order number and tracking link for an outstanding package or missed delivery. Once you have clicked, a hacker knows your contact details and may use this to supplement the scam, for example, by asking for a delivery charge.
If you have received a message with a tracking link, do not click on it and cross-check any code with the delivery company’s website. Any suspicious texts should be forwarded to 7726, a free spam-reporting service provided by phone operators.
3. UNBOXED AND UNPROTECTED: Internet-of-things (IoT) devices such as smart watches, voice assistants and health trackers are among the most popular Christmas presents. Before you take your new gadget for a spin online it’s worth ensuring you take a few minutes to make it more secure. This can include changing the default password that came with your smart device and adding an antivirus or VPN to your router to safeguard IoT gadgets on your network.
4. A GIFT(CARD) FOR SCAMMERS: When it comes to picking a present for a hard-to- buy-for relative, online vouchers and e-gift cards are the new book tokens. It therefore might not be a surprise to receive a retailer voucher by email around Christmas, something hackers know only too well.
As well as links to fake vouchers that could contain malware, fraudsters may often trick people into buying genuine coupons and revealing their unique card numbers by posing as family members. To steer clear of these scams, be sure to verify any voucher offer on email with the relevant retailer’s website and always speak to loved ones on the phone before making transactions you believe they have requested.
5. A TAXING NEW YEAR: The Christmas and new year break is a popular time to tackle online chores and some Brits will be using it as a window to submit their self-assessment tax returns to HMRC ahead of the 31st January deadline. Yet be careful not to give extra money to opportunistic hackers. Thousands of UK taxpayers have been sent fake HMRC phishing emails and texts during 2022, with messages ranging from tax rebate offers to threats of arrest.
If you have to file a self-assessment return, be wary of any communications you receive as you are much more likely to be targeted by hackers. Keep an eye out for any HMRC copycat websites and remember that tax rebates in your favour are not common outside a game of Monopoly.
6. GIVEAWAY GRIFT: Without sounding like Scrooge, anything that seems too good to be true probably is — and this can definitely be said for a flurry of Christmas giveaway frauds. A recent example is a Cadbury Whatsapp scam. This involves you being sent a message through the messenger app including a link that will give you the chance to win a ”Christmas Chocolate Magic Basket”. Once clicked the link takes you to a quiz that encourages you to give away your personal data and then share the quiz with others.
Much like similar scams earlier in the year for British Airways, Heineken and B&Q, this preys on consumers’ faith in brands and love of a freebie. Save WhatApp messaging for your friends and family this year and don’t let a fraud, however sweet, sour your Christmas break.