Everyone is excited for the holiday season as they enjoy time with friends and family. But it’s not a time to let down your guard. While you might be looking out for a perfect gift for your loved ones or trying to grab yourself a bargain in the sales, cyber criminals are out to scam you. People are now more vulnerable as they go into ‘holiday mode’.

To help you out, we’ve created a quick reminder list of what you need to be aware of and keep yourself safe this holiday season.

Delayed shipment emails

Especially this time of year, many people are snapping up good deals in the sales and buying last minute presents for their loved ones. With this increase of orders comes the increase of delivery emails.

This opens the way for cyber criminals. With more delivery emails being sent, cyber criminals can send their own fake delivery emails with a higher success rate. Generally, their emails have a higher chance of reaching someone who has legitimately made a purchase, and because of the coincidence in timings, will fall victim to the fake email.

Hacker’s emails will trigger an emotional response and will create a sense of urgency. If emails include links, don’t click on them. Instead navigate to the website directly and log into your account.

For example, if you get an email supposedly from Amazon with a link to check on your order, don’t click on the link. Navigate to the official Amazon website directly and safely login. You’ll then be able to see all your notifications.

Fake delivery email

Holiday greetings card

Ever heard of an e-card? This is where someone will create a digital holiday greetings card and send it to you via email. In recent years many people have put friends, family and colleagues faces on different bodies such as elves. As these are normally sent in the holiday periods, people are not as aware of the dangers.

Anyone can create and send these, opening up another way for cyber criminals to gain access to your devices. They will send you an email with a link to view an e-card. This can be tempting as you may think it’s a bit of harmless fun – someone’s sent you a free gift, right? – wrong!

Once that link is clicked, you’ll be in all sorts of trouble.

Fake e-card

Holiday sales

We all love to grab ourselves a bargain don’t we! So, we all keep our eyes open for when we see the big sale and discount signs. But just because it’s a ‘special offer’ doesn’t mean it’s a good deal to be had. Sometimes prices haven’t reduced at all. So, stop and think before you jump on the band wagon.

Also, now might not be the time to be buying from online stores you haven’t purchased from or heard of before. You might see ads online offering a great price, but if it seems too good to be true, it normally is.

This could also go a step further. Which brings us onto our next sections about fake websites.

Fake shopping websites

Fake mobile apps or fake websites

Firstly, fake mobile apps are a real problem and so easy to download. Please only download applications which are on official app stores such as the Google Play Store or Apple Store. These are apps that have been approved for use and are more trusted. Do your homework before you download anything.

Secondly, be aware of fake websites. At least double check the website you’re visiting is secure by checking the SSL certificate. Make sure there is a padlock in the URL bar and the domain starts with “https” not “http”.

There are fake apps and websites which, on the surface look great, but are created to harvest your information. Things such as reward apps offering special deals and prizes, and cashback schemes are a common issue. Make sure you do your research and check the reviews.

If a website or app is offering products at suspiciously good prices, it could be a scam website. If it is and you make a purchase, you lose your money and you don’t get your order. Not only this, but it is also possible that they keep your card details and begin to use them fraudulently.

fake promotion apps

Suspicious credit card activity

This goes on generally throughout the year but also becomes more popular at holiday time as people start to spend more.

You might get emails or SMS messages supposedly from your bank saying that you have suspicious bank card or credit card activity. In this message it will say you need to login in to check your account.

This message will also include a link. This link will go to a login page, but it won’t be the legitimate login page from your bank. It will be a look-a-like page that is very similar to the banks page, but when you submit your login details they will be collected by the cyber criminals. Be careful!

Fraudulent text from bank

Charity fraud

According to Action Fraud, £1.6m of the public’s money was lost to online charity fraud in 2021.

Everyone’s in a generous mood when they’re in holiday mode. This time of year, you see many advertisements to donate to various charities, whether that’s to provide food and shelter, humanitarian aid, or animal rescue. But if you’re donating, ensure its to the legitimate charity.

Before donating make sure to check the charity name and registration number. You can do this on the government website and using the Fundraising Regulators online directory. Look out for the Fundraising Badge on any marketing materials and make sure you ask questions about the cause. If it’s the genuine charity they will be happy to give satisfying answers to your questions and provide more information.

Fake charity site

This is not a conclusive list. There are many other ways cyber criminals can scam you, so be on guard. Remember, if you spot a deal that’s too good to be true, it probably is.

If an SMS message or email has a sense of urgency or tries to get you to click a link, don’t do it. Navigate directly to the company’s website and login to your account. You’ll then be able to see all your account notifications safely.

Make sure you stop and think before you take any action and stay safe this holiday season. If you need help to keep your business protected from cyber criminals, or would like cyber security awareness training for you or your team, please get in touch.

 You can learn more about the different forms of phishing attacks in our guide: The Business Owner's Complete Guide to Phishing.

December 01, 2022 — Paul Stanyer