On 2023-12-12
by Emma Mullins
Cybersecurity

Christmas Guide: How to not be scammed by (fake) Santa Claus!


More and more, people turn to online shopping for the holiday season.

How can you be careful and not fall for a scam? Here’s our guide, by Emma Mullins.

Summary

This past year has seen multiple global attacks on businesses, political conflicts resulting in cyber warfare, and increasingly sophisticated online scams being used in cyberspace.

With the end of the year approaching and many people embracing the festive season, ever-adaptable cybercriminals will be doing the same.

Huge events such as Black Friday and Cyber Monday, right through to the post-holiday sales, see online shopping figures hit their annual peak. This season is also a chance for the new malicious tactics we have seen throughout the year to make an appearance.

Below are Airbus Protect’s recommendations for staying safe in the fast-paced cyber domain during the holiday season.

Imposter Scams

Although imposter scams can be executed in multiple ways, they usually follow the same process: an attacker impersonates a trusted person or organisation to persuade a user to send them something of monetary value.

These types of scams can take on new themes around the holidays: impersonating legitimate charity organisations, posing as family members in need of extra financial support, or running romance scams that exploit the time of year when people can feel more vulnerable. Although these types of scams are not new, the huge increase seen this year in Artificial Intelligence (AI) technology and applications such as ChatGPT has resulted in much more convincing attempts.

 

Seasonal Offers

Whether it be for last-minute gift purchasing, post-holiday bargains, or seasonal work, we can all receive digital offers multiple times a day over the festive period. These offers take constantly changing forms, such as adverts on social media, text messages about renewable subscriptions, or an e-gift email offer.

Some of the new tactics used in phishing emails this year, such as ‘quishing’, could also play a part in this year’s wave of seasonal offer scams. Quishing is a form of phishing involving the manipulation of users through malicious QR codes. When scanned, QR codes commonly direct users to web pages, but they can also trigger actions such as facilitating digital payments. An increase in the variety of techniques used in phishing attacks makes it extremely difficult for users and security defences to determine what is or isn’t legitimate.

 

Want to know more about phishing? Check out our blog article “How to protect against phishing”!

 

Refund & Fake Delivery Scams

Two of the more popular themes to be aware of for online scams over the holidays revolve around package deliveries and refunds. Cyber criminals can take on the persona of a trusted organisation and inform users that they are due a refund, but that in order to receive it they are required to share their personal or banking information.

Fake delivery phishing attempts are also extremely popular this year, with attackers impersonating logistics companies and enticing users to reveal personal information for reasons such as order confirmations or delivery rescheduling.

These types of malicious campaigns can also be adapted this year with the use of One-Time Password (OTP) bots to further convince a user that they are communicating with a legitimate company. OTP bots are automated programmes used to extract one-time authentication passwords from users by tricking people into divulging an authentication code that has been sent by email, SMS, or even an authentication app. Once authenticated, an attacker could perform further unauthorised actions from a Multi-Factor Authentication (MFA) protected account.

 

Ransomware-as-a-Service

Unfortunately, it is not just personal information that is at risk. Ransomware attacks against businesses also increase at this time of year. This is a knock-on effect of the amount of additional personal and financial information being collected through our online purchases, which creates more opportunities for cyber criminals to pivot between our personal and corporate data.

Additionally, this year has seen an increased use of incredibly sophisticated deep fakes, which could make initial access to business networks much more likely by tricking an employee. Combining such technology with already seen tactics, such as spear-phishing campaigns (targeted attempts at stealing information), can make for much more convincing impersonations of executives or other managerial individuals, deceiving employees into revealing sensitive business information or giving an attacker unauthorised access to an organisation’s network.

 

Conclusion

Although this is a time of year when most people will be relaxing and taking some time off, the same is not true of cyber criminals. It is important to remain vigilant when completing online purchases, particularly those last-minute gift buys. Fortunately, good cyber security practices will help users stay safe when embracing the holidays. Some of these practices include:

 

  • Double check the sender’s information before sharing any information or money.
  • Rather than buying a product through an advert, find another route to the trusted company online to verify if it’s offering the same item and price advertised. 
  • Use multi-factor authentication on online accounts where possible.
  • Make yourself familiar with some of the ways you can report scams to regulators and report anything you deem suspicious.
  • Regularly review the activity within your accounts to spot unusual activity and change passwords on a regular basis.
  • Practise good password management with differing and strong passwords.

 

As the end of the year approaches, it is important for users and organisations to prepare for some of the evolving threats that could be seen in the cyber landscape in the future. Threats surrounding deep fakes, Artificial Intelligence, Cloud services, and supply chain attacks are likely to be seen in the new cyber year.
