Holiday-time and cybercrime – ‘tis the season to be vigilant
Today, online shopping is the preferred method of buying goods for millions of consumers. By 2021, over 2.14 billion people worldwide are expected to buy goods and services online, up from 1.66 billion global digital buyers in 2016.[i]
We’ve just experienced a flurry of online shopping activity surrounding Black Friday and Cyber Monday, when millions of transactions amounting to billions of dollars took place over the Internet. Now, as the Christmas season draws closer, consumers across the globe will be ramping up their use of online shopping channels to buy gifts and other goodies as they prepare to celebrate the holidays with their loved ones.
Post-Christmas sales remain ever-popular with bargain hunters. And then there’s ‘Take back Tuesday’ when online shoppers return unwanted Christmas gifts. In the UK, online activity can hike by more than 50% on that single day.
The reasons we choose to shop online at this time of the year are compelling: the convenience of not having to battle your way through crowded shopping malls … no time wasted standing in check-out queues. And often retailers offer goods on e-commerce platforms at more competitive prices than in-store items.
But, there’s also a downside.
In recent years, the ‘season of goodwill’ has increasingly been tainted by an uptick in shopping-related cybercrime and I believe we can confidently assume that incidents of online fraud will increase in the weeks ahead. It’s estimated that a victim of a festive season cyber scam loses between USD 50 and USD 5,000 per incident.
What tactics do cybercriminals use?
Cybercriminals are devious, opportunistic characters who cleverly adapt their tactics to the season. In the weeks leading up to Christmas, we tend to see an increase in email phishing campaigns, ransomware attacks, banking trojans, and the emergence of fraudulent websites that promote special deals on popular gifts and even discounted holiday packages.
We frequently see scammers sending out fraudulent surveys in which they ask people to enter their banking and/or credit card details. It’s also common at this time of year to receive unusual, unsolicited emails from unfamiliar senders asking you to click on links to find out more about the special deals they have on offer. Other tactics include attaching a fake receipt relating to a purported online purchase to an email – the user is asked to enter a password to open the attachment that contains ransomware.
Closely related to this are bogus shipping delivery status notifications designed to entice you into clicking on malicious links or opening nefarious attachments. Cybercriminals know that you’re more likely to send or receive gifts from friends, family, or loves ones at this time of year and are therefore more susceptible to these tricks. Fraudulent gift cards and Christmas reward phishing scams are also common at this time of year.
So what exactly are cybercriminals after? Essentially, their motivation is to gain access to two types of information:
- Your personal credit card details – once they’ve accessed these, they’ll quickly start using your hard-earned cash to ‘fill their own Christmas stockings’.
- Information on your personal identity (e.g. user names, passwords, details of sites you access regularly). Many people tend to save their passwords on online shopping websites or re-use the same passwords on different websites. If a cybercriminal is able to access your credentials they can use them to impersonate you on multiple sites and online platforms, and charge purchases to your personal accounts.
Don’t let a cyber-Grinch steal your Christmas
I believe that as consumers, we need to make ‘cyber-hygiene’ a priority. Manufacturers of security technologies and merchants that offer online goods and services can only do so much. We all need to be more proactive about protecting ourselves, and our families, online.
Here are my top 10 tips for ensuring that you don’t fall victim to cybercrime this festive season:
- Everyone loves a good bargain. But be wary of ‘enticing’ offers ─ especially if the source is an unsolicited email, attachment, or one that directs you to an unfamiliar website. Remember: if a deal sounds too good to be true, it probably is!
- Make sure the website you’re choosing to purchase goods from is secured with encryption and from a trusted merchant. There should be a visible padlock icon on your browser to confirm encryption.
- Ensure that your anti-virus and operating system patches are up to date on all devices (mobile, tablet, laptop, and PC).
- Never use public Wi-Fi connections when making online purchases.
- Use your credit card rather than debit card. A credit card usually offers protection that’s not always afforded to you in a debit card. Choose not to store your card details online.
- Never share your user names, passwords, or other personal information online. A breach of your shared credentials on one site guarantees cybercriminals can re-use them on another.
- Consider using a password management system such as KeePass, LastPass, and Keeper which allows you to securely store and manage all your credentials from a single location. Ideally, opt for multi-factor authentication (using more than one password, biometrics etc.) on all sites and services that offer it (banks, Dropbox, PayPal, e-mail, etc.)
- Only download legitimate applications onto your devices from known, trusted sources.
- Check your bank statements often and report any suspicious or unauthorised charges or discrepancies to your bank immediately.
- Educate your children, elderly parents, and relatives, (who may be less cyber-savvy about scams). The best way to protect your family from falling victim to cybercrime is to communicate, communicate, communicate. Ask them about their habits, share best practices, and encourage them to ask questions if they’re not sure.
Dimension Data’s own Managed Security Services delivery teams are ramping up their efforts to provide vigilance around the holiday season to ensure our clients remain protected. To find out more from our experts about the global threat landscape, and how to raise your defences against the scourge of ransomware, take a look at our Executive’s Guide to the 2017 Global Threat Intelligence Report, or read our recently published white paper, Ransomware: The Pervasive Business Disruptor.