Holiday Haste: Here’s How to Avoid Being Duped by a Cyber Grinch

It’s always a race against the clock to find the perfect holiday gifts in time. And, like the Grinch looking down on Whoville, cybercriminals are watching, ready to exploit your haste.

There’s a lot more at stake than presents and a roast beast, whether it’s stealing personal information or duping customers into scams.

Latin family of three using a smartphone and a credit card to buy some Christmas presents online (Depict Image)

This year’s holiday season is likely to be more difficult than previous ones. COVID is forcing many people who would otherwise shop in malls to shop online. Instead of handing out gifts, they’re shipping them to family and friends.

Chip shortages and supply chain issues (shorthand for a slew of manufacturing and shipping blunders) have only exacerbated the situation. Gifts are more difficult to obtain and to send. In fact, according to a new CNET survey, nearly one-fifth of all Americans are buying more gifts online this year due to supply chain issues.

The combination of increased online shopping and increased desperation creates an ideal environment for cybercriminals who prey on emotions to obtain credit card numbers, login credentials, and other personally identifiable information from consumers.

Customers facing shipping deadlines for Christmas, Hanukkah, and Kwanzaa will be more likely to shop on dubious websites and less likely to think twice before clicking on holiday-themed scam emails, according to Josh Yavor, the head of information security at Tessian, a cybersecurity firm.

Yavor, like many others, stated that he has been unable to locate an Xbox for his child. Even for someone like himself, phishing emails advertising deals on one of those would be tempting to click on, he said.

“We’re going to see a lot more of that this year, especially with the ongoing supply chain issues.”

Fortunately, a few precautions can go a long way toward ensuring that your holiday season is as joyous and bright as possible. According to CNET’s poll, 52 percent of online holiday shoppers stick with reputable retailers. For online purchases, nearly 40% said they would use a credit card rather than a debit card linked directly to their bank account.

Only 7% said they had no plans to protect their personal information while shopping online.

Here are some tips from experts on how to shop safely during the holidays:

Check your list (as well as your credit card and bank statements) at least twice.
Maintain vigilance over your bank and credit card accounts. It’s useful not only for security but also for keeping track of your expenses.

Limit your holiday shopping to a single credit card and email address to make this task easier. This will also lower your chances of falling for a phishing scam if it comes to your other email accounts.

Don’t make any purchases with your debit card. If your account is compromised, your bank will assist you in recovering funds, but it is much easier to have charges reversed when a credit card number is stolen.

“The credit card is the most replaceable part of your identity,” Sophos principal research scientist Chester Wisniewski said.

He went on to say that people should be more concerned about protecting non-changeable personal information, such as their birth date and mother’s maiden name.

Don’t make yourself a feast for the phishermen.
Scam emails used to be easier to spot due to overly spammy pitches or English so bad that it embarrassed Google Translate. This has changed.

Using low-cost, automated technology, phishing emails can sound more natural and be contextually relevant. Though security technology has improved, it can’t prevent people from clicking on things they believe are legitimate.

According to Tonia Dudley, a phishing expert for the security company Cofense, cybercriminals are also taking a more low-tech approach by hiring native speakers to write email templates for them. She mentioned that one Russian cybercrime ring even hired a native Japanese speaker to target people in that country.

Some of the most convincing phishing emails in recent years have taken the form of shipping notifications, complete with barcodes that appear to be from Fedex or UPS. If you are concerned about the authenticity of the tracking number, go directly to the shipper’s website and copy and paste it there. No matter how tempting or urgent they appear, do not click on links or open attachments.

Fake shipping notifications are increasingly arriving in the form of texts, according to Brian Wrozek, chief information security officer at cybersecurity firm Optiv, who adds that many people are less skeptical of texts than emails.

READ ALSO: Gmail Users Warns About New Phishing Scam ‘Bait Attack’—Here’s What You Need to Know

“For some reason, we’re all more at ease with what appears on our phones,” Wrozek explained. “It’s almost as if if they’re texting it, it must be true.”

Is that the real Santa? Or is it simply the Grinch in disguise?
Sure, if the major retailers don’t have what you’re looking for in stock, you can Google it, but make sure you’re dealing with a legitimate company. Be especially wary of advertisements that appear in your social media feeds touting amazing, limited-time deals.

As the saying goes, if something appears to be too good to be true, it most likely is.

Though we all want to help small businesses, especially during difficult times, Wisniewski advises limiting the amount of personal information you give them. A mom-and-pop shop may be well-run, but it is unlikely to have the same level of cybersecurity protection as a big-box store.

The Elf on the Shelf isn’t the only one keeping an eye on things, but does it really matter?
The internet has evolved dramatically in recent years. Any site worth its salt is now encrypted, which means that if someone did intercept your web traffic, for example, by connecting to the same Wi-Fi as you at the local coffee shop, it would be scrambled and useless.

As a result, many security experts believe that a virtual private network (VPN), which masks people’s locations while also encrypting their data, is overkill for most people.

Wisniewski claims that basic cybersecurity precautions, which you should take all year, are all you need to avoid a cyber Krampus visit.

Before you begin shopping, make sure your devices and online accounts are secure (bank and credit cards, emails, social media, shopping-website logins, and so on). Update your operating systems, antivirus software, and all applications.

Strong, unique passwords are required for all online accounts. If you need assistance, use a password manager. When two-factor authentication is available, it should always be enabled. This requires a second identifier, such as a biometric or a push notification sent to your phone.

If you’re concerned about the security of the free internet at your local store, use your smartphone’s cellular connection instead. It’s far more secure than almost any other Wi-Fi connection available.


READ ALSO: WhatsApp Begins Awareness Campaign To Alert Users About Ongoing Scam