The chestnuts are roasting on an open fire. You’ve put the kids to bed early and are wrapping their gifts. You realize that you’re missing a present for your nephew. After loading up your 4-wheel drive sleigh, you pop out to the store to pick up the newest version of Rock ‘Em Sock ‘Em Robots. When you arrive at the register, your card is declined. You call your credit card company only to find out your card information has been stolen. Holiday cyber-crime has put a damper on your night.
In an instant, your holiday season is looking a lot less like “It’s A Wonderful Life” and unnervingly more like “Krampus”. After hours on hold with your credit card company’s terribly generic holiday music, you feel markedly less than merry and bright as you gain a crash course in holiday phishing scams—which you likely fell victim to.
Like the Ghost of Christmas Past, you remember an email you got from UPS with an update about your package— one you didn’t order. You clicked on the link, which appeared to be faulty and didn’t think anything more of it. Luckily, you caught it before your bank account was left with a sum too small for even a mouse. Others may not realize as quickly.
With an estimated $190 billion in projected holiday sales this year, it’s important to remember that cyber criminals follow the money. They’ll be lying in wait, ready to attack like the burglars from Home Alone, leaving devastation in their wake. All it takes is one moment of inattention to make yourself vulnerable to a phishing scam, which is even tougher to figure out as the email and text notifications from holiday shopping pile up like snowdrifts in your inbox. Roughly 400 cyber-attacks are attempted every minute this holiday season, so you’re likely to come across one or two as you strive to get the presents under the tree.
Are you protecting yourself against holiday cyber-crime? Take our quiz to see if you’re ready to jingle all the way or if you need to spend one of your silent nights amping up your cybersecurity.
1. You receive a text from what appears to be UPS, giving you tracking information for a package you don’t remember sending. The link looks like it was made using an aggregator and does not link directly to the UPS website. What is your first thought?
a.) Seems phish-y to me.
b.) I think I have a package coming—don’t I?
c.) Oh—Mom must have sent me a package!
d.) I’m curious. I’ll click it to see what’s coming my way.
2. You’ve been researching online for a new game console for your kids’ Christmas gift. After looking high and low, you come across a new site that offers the game console for less than half the price of the others! The photos are exactly the same as the more expensive console you’d been perusing, and the reviews are all very good. You’re tempted to add to cart. What do you do?
a.) Take a look at the Better Business Bureau to see if this company is legitimate.
b.) Read a few more reviews and pay through PayPal to protect my purchase.
c.) Do a quick google search for the company and then pay for it.
d.) I can’t pass up a good deal! I’ll add rush shipping too so it gets here with plenty of time to wrap!
3. You open your email that appears to be from an Amazon employee with the link to a free $50 gift card. What’s your first step?
a.) Go directly to Amazon.com. If they sent you a gift card, you would be notified on your account there. If there is no notification, send Amazon Support a message about the scam.
b.) Notice that the email address doesn’t look like other Amazon Support emails you’ve received. You block it as spam.
c.) Click through to see who sent you the gift card!
d.) Click through and enter your account details so you can get some shopping done.
4. You’re at a coffee shop, typing out some emails and you remember that you need to book your plane tickets home for the holidays. You’re worried they may be running out of seats quickly, so you need to act fast. What do you do?
a.) Make a quick stop at home to complete the transaction on your private network.
b.) Turn on your VPN to complete the transaction in the coffee shop.
c.) Make sure nobody is looking over your shoulder before you enter your credit card information.
d.) Just get it done! I need to go home to eat my grandma’s Christmas cookies!
5. What is your preferred online payment method?
a.) I prefer using PayPal.
b.) I enter my credit card details each time.
c.) I typically pay with a debit card.
d.) I keep all my payment information saved on my browser extension so it auto-fills.
Mostly As: Carry on With Comfort and Joy
You’re a savvy web user! You know the importance of a secure network and you aren’t afraid to reach out to verify whether or not messages you receive are legitimate. You can spot a malicious phishing attempt faster than Santa’s elves can build an Etch-A-Sketch, and you know better than to fall for deals that seem just a little too good.
Now is not the time to grow complacent about your cyber-crime prevention strategy. With an influx of holiday emails, texts, and more, you can believe that the attacks will become more frequent and complex. We recommend staying up-to-date by regularly reading briefings from the Cybersecurity and Infrastructure Security Agency (CISA). They work hard to stay on top of the latest cyber-crime trends, so you don’t have to. There is also the option to subscribe to updates straight to your inbox—emails you can open without fear of phishing.
With your knowledge, it may be time to check in with your loved ones—especially those who are not as comfortable using the computer to see if they need assistance making holiday purchases online. If you promise to act surprised when you receive your gifts, your grandpa, aunt, or cousin will likely be grateful for the peace of mind that comes with your help.
Mostly Bs: Might Need Some Elves
While you’ve got the basics of holiday cyber-crime prevention covered, there’s still room for improvement. One of the more common ways people fall victim to phishing attacks and other cyber-crime is through attempts on their mobile devices. While some of the best gifts come in small packages, these emails, links, texts and attachments aren’t gifts you want to open.
Take some time to familiarize yourself with the finer points of cyber-crime prevention on mobile devices. It’s especially difficult to deduce whether or not an email is malicious when your screen fits into the palm of your hand—there is simply not enough space to see all the information that may indicate that it was sent with less-than-good tidings. If this happens to you, you’re not alone; Verizon estimates that 30% of phishing emails in the United States are opened each year.
If an email seems legit at the surface, but the link seems off, you can check it by hovering over the link on your smartphone. A smaller preview window will pop up and you can see if it’s safe to follow without actually clicking through. It’s a good practice to follow this on all the links you receive—even if you’re 99% sure that you can trust them. Additionally, things to look out for that can slip past smaller screens include misspelled words and odd email addresses.
Mostly Cs: It’s Beginning to Look a Lot Like Cyber-Crime
Your phishing prevention strategy looks like it’s being held together by tinsel. You understand that there are risks, but your curiosity often gets the best of you, leading to massive vulnerabilities when it comes to your online accounts and transactions.
You probably use various passwords for each of your online accounts, but did you know that it may not be enough? If you were to fall victim to a phishing attempt or other cyber-crime attempt and give out your password (it happens much more frequently than you think!), your entire account will be at risk—as well as any credit card numbers attached. Think about what a disaster it would be if your Amazon account got hacked.
Dual-factor authentication is one of the best tools you have to protect your personal accounts because it acts as another gatekeeper, should your account details fall into the wrong hands. If you add another layer of protection with dual-factor authentication, these cyber criminals will have a much harder time getting into your accounts and you’re less likely to wake up to an unpleasant surprise.
Mostly Ds: The Grinches Won’t Only Steal Christmas
You are using your mobile and desktop devices in a way that will likely leave you only able to dream of a holly jolly Christmas and Happy New Year. Your usage leaves you with countless vulnerabilities and opportunities for phishing scams and other holiday cyber-crime to steal your identity or credit card information, leaving you with a mess to sort out instead of presents.
It’s time to go back to basics with your cyber hygiene so you can salvage what’s left of your holiday season—and beyond. The first rule of thumb: if a deal seems too good to be true, it usually is. Don’t fall for the knockoff items that claim to be the real thing.
Additionally, do not store your credit card information on your computer or phone, as tempting as the convenience might be. This is the equivalent of putting unwrapped Christmas presents right under the tree—it will be no surprise when someone finds them. Once you’ve addressed the most immediate concerns, feel free to read the rest of this article to scale up your protection so you’re ready for whatever cyber criminals throw your way.
Ready to Get a Leg Up Against Cyber Scrooges?
LightEdge’s expert team members take the guesswork out of managing complex security and compliance concerns, keeping your business protected. Trust our decades of experience and rest assured you are covered through our security and compliance services, including Data Protection, Backup and Recovery, SIEM, and DDoS Protection. It’s the gift that keeps on giving, all year long.
Customers turn to LightEdge to scale security, mitigate risks, and for predictably and cost-effectiveness. LightEdge provides customers with an extended team of experienced engineers and helps to focus resources on agility and differentiation. Want to see if your current provider is on the naughty or nice list? Our security experts will provide a free assessment to see how you measure up against the latest compliance and security standards. No risk, no commitment. Contact us today to get your free security assessment.