Don’t be fooled by Cyber Scrooges this Christmas

• Christmas is a time for gift giving and spending more time with loved ones, but that does not stop cybercriminals from trying to get your data.
• In the first half of 2022, attacks increased 44% over the same date in 2021, according to Check Point Software’s Mid-Year Report.
• On shopping dates such as Amazon Prime Day, attacks increase even more, reaching peaks of more than 35% compared to the average.

Christmas is a special time for millions of people around the world as heart-felt gifts are exchanged and families spend time with loved ones. But it is also a special season for cybercriminals as they take advantage of these shopping days to increase their phishing attacks, ransomware, and even dropping malware into emails.

During this time of frenzied shopping for the perfect last-minute Christmas gifts or grabbing Boxing Day and New Year bargains, cyberattacks are intensified. According to Check Point Software, on Amazon’s Prime Day, for example, attacks related to the US company increased by 37% compared to the average for June. In their Brand Phishing Report for Q3 2022, Check Point also found that DHL, the parcel delivery company, was the most impersonated company, setting up shoppers for cybercrime.

At a time when online shopping is busier than ever, consumers need to be especially careful. That is why Check Point is raising awareness for the telling signs of a scam, and how people can better protect themselves.

1. Always buy from an authentic and reliable source: Before making a purchase, it’s important to authenticate the site you are using to make the purchase. Instead of following a link sent through on email or text message, go directly to the retailer by searching for them on your selected browser and locating the promotion directly. Those extra few steps will ensure you are not clicking on any fraudulent links, and you can make your purchase with confidence.

2. Be alert to similar domain names: Many scam websites will often use a domain name similar to the brand they are trying to replicate, but with additional letters or misspellings. To ensure that you are not handing over your banking information to scammers, pay attention to the URLs to check if there anything usual or unfamiliar. By taking a minute to look for tell-tale signs that a website may be fraudulent, you can quickly determine its legitimacy.

3. Look for ‘too good to be true’ offers: Often phishing scams promise extremely good discounts on very popular items. If you receive an offer that does appear to be too good to pass up, don’t rush to buy it before it sells out. Chances are it is a scam. Instead, check that the seller is authentic by checking other websites to see if they are offering similar discounts.

4. Always look for the padlock: A quick way to see whether a website is secure is to look at whether the URL start with HTTPS. This is an indicator it is compliant with international security standards, and it is usually partnered with a padlock to reflect this. If these are missing, then it’s a strong indication the website is fraudulent and should be avoided.

5. Use endpoint security: While we do see an uplift in scam emails during popular shopping periods, phishing emails are used by cybercriminals all year round. That’s why everyone should be looking to implement email security solutions to prevent them landing in our inboxes in the first place.

6. Be wary of password reset emails: Hackers will always be looking for ways to get into people’s shopping accounts often by credential stuffing, where details have been obtained as part of a separate breach. As a result, consumers should be cautious of password reset emails that could be fraudulent. If you do receive one, always visit the website directly (do not click on the links) and change your password.

“Research suggests that cyberattacks increase around the festive season, with both ransomware and phishing the order of the day for companies and individuals,” says Ian Porteous, Regional Director, Security Engineering, UK&I at Check Point Software. “We all want to have a happy Christmas buying gifts for family and friends and maybe even grab a bargain ourselves. But cybercriminals do not take holidays, and that is why you have to be very cautious, even more so at this time of year.”