Subscribe

How to avoid cyber crime this Christmas

Staff Writer
By Staff Writer, ITWeb
Johannesburg, 14 Dec 2022

While the festive season is a special time for millions of people around the world, it is also a special day for attackers.

Check Point Software provides some tips for a safe and secure shopping experience:

  1. Buy from an authentic and reliable source: Always look for the link in the search engine you use, never click on links sent to you by e-mail or text message, as many cyber criminals try to phish through these channels.
  2. Check the authenticity of the domains: Cyber criminals will always try to make the domains they create for the pages they imitate look as similar as possible to the original, but they will always have some spelling mistakes.
  3. Beware of offers that seem too good to be true: If an offer is too good to be true, it is probably a scam, even more so at this time of the year. Do not get carried away by surprisingly low prices.
  4. Always look for the lock: Secure Internet sites (HTTPS) sites are those that comply with international security standards.
  5. Have endpoint security solutions in place: It is necessary to have them for the email as well as for websites when we surf the Internet, since they can prevent the spread of such malware to the rest of the equipment or computers.
  6. Be on the lookout for password reset e-mails: Companies will rarely ask you to reset your password unless you have requested it yourself.  If you receive an e-mail asking you to change your password, the best thing to do is to go to the company's website and change your password from there.

Check Point says phishing is a major problem at this time of year. Its Brand Phishing Report Q3 2022 revealed that parcel delivery company DHL was the most impersonated company.

Charnie-Lee Adams-Kruger, country manager for South Africa at Check Point, says   cyber criminals never go on holiday and people need to be more cautious than ever at this time of year

”Cyber attacks, as our reports point out, continue to increase, especially more so around such special holiday seasons such as Christmas. Both ransomware and phishing are the order of the day for companies and individuals, so no one is exempt from danger,” Adams-Kruger says.

Staying vigilant

Aamir Lakhani, a global security strategist and researcher at Fortinet, says opportunistic hackers know just how to create enticing, seasonally-appropriate lures, and even some of the simplest scams can fool adept online shoppers.

There are a few common threats to be aware of during the holiday season, he warns.

Firstly, online holiday gift card scams. Around the festive season, gift cards are popular targets for scammers. Some will go as far as to manipulate gift cards sold in stores, scratching off the layer of protective coating to write down pin numbers, and then “replacing” the coating with a sticker so it looks brand new, he explains.

Bad actors will plug those pins into software that sends an alert once someone has purchased and activated their gift card, and then proceed to drain all its funds.

Similarly, any e-mail appearing to be from a friend asking for help using a gift card as payment, is almost certainly a scam, adds Lakhani.

Another common trick is an account takeover attack. Crooks initially use credential stuffing or password spraying tactics to get their hands on account credentials for a particular e-commerce platform.

They will then use this information to make purchases using the obtained account information, often buying high-value electronic gift cards in bulk before promptly spending those gift cards to avoid being tracked down.

Securing gift cards

The best way to avoid becoming the target of gift card scams is to remain vigilant, set strong passwords for every online account, and keep an eye on these accounts for strange activity.

Also, regularly update your login credentials and monitor your payment accounts for signs of unusual activity, and carefully scrutinise any gift cards for signs of tampering before loading funds.

Finally, never agree to pay for online purchases in gift cards when prompted via email. In these cases, the item the user is trying to buy probably doesn’t exist.

Video conferencing phishing scams

For families that are unable to travel to be with one another this holiday season, celebrating virtually is the next best thing, says Lakhani.

But, it’s important to be on the lookout for certain social interaction-based scams that continue to target those who are letting their guard down.

“As we continue to rely on video conferencing as a tool for social interaction, cyber criminals will continue to execute phishing campaigns that take advantage of these video-based platforms,” he adds.

These phishing attempts involve e-mails containing fake links that prompt the user to download a new version of their video conferencing software.

The link will direct them to a third-party website where the user can download an installer. In some cases, although the program installs the video conferencing software, it also loads a remote-access Trojan malware program on the host, giving attackers access to the user’s sensitive data and information, which can be sold on the black market or used for identity theft.

To avoid video conferencing scams, always follow cyber security best practices by examining the sender’s e-mail address before clicking on e-mailed links or downloading attachments, even if they seem to come from a trusted source, advises Lakhani.

Share