Silent Hacks, Deadly Nights: Protect Yourself from Holiday Cyber Threats
The holiday season is coming up. As the world begins to wind down and celebrate, the holidays are a golden opportunity for cybercriminals. As online shopping surges and people become distracted by festivities, hackers exploit vulnerabilities to launch cyberattacks. Here are the five most common cybersecurity attacks to watch out for during the holidays, along with some little hacks to protect yourself against them.
- Holiday-themed Phishing Scams
Have you received an email from a retailer with an offer that seems “too good to be true”? Adversaries often mimic trusted retailers, shipping companies and charities, luring in victims with limited time Black Friday/Christmas “deals” or urgent messages about undelivered packages.
A recent study by F5 labs showed that phishing increased by 150% between October and November. Attackers exploit the ironic combination of a relaxed holiday spirit and mad rush for Christmas shopping to trick users into revealing their credentials. One best practice is to hover over links before clicking on them, but as discussed in my article last week, attackers often use URL shorteners, making it difficult to tell if a site is malicious from the URL alone. Thus, it is important to use tools that can automatically block phishing sites for you, including advanced ones that cannot be detected through network requests alone.
2. Fake E-commerce Websites
Fraudulent websites often pop up during the holidays, offering massive discounts on popular products and/or offering free next day deliveries. These fake e-commerce sites are designed to either steal your payment information or send counterfeit goods, if they deliver anything at all.
With the proliferation of global commerce and startups, it can sometimes be hard to tell which of these new sites are legitimate. In addition to sticking to well known-retailers and avoiding deals that seem suspiciously cheap, there are some simple checks you can do to catch less sophisticated e-commerce scams. These include double checking URLs for misspellings/typosquatting and unusual domain extensions, checking the domain age, as well as looking at public forums for user reviews.
3. Malware via Holiday-themed Apps or Downloads
During the holidays, many people download festive apps, screensavers, or digital greeting cards. Some of these downloads, however, may come bundled with malware designed to spy on your activity, steal sensitive data, or lock your files for ransom. A seemingly harmless holiday-themed game might secretly install keylogging software on your device, capturing your passwords as you type them.
To avoid falling prey to such attacks, a simple best practice is to download apps and browser extensions only from trusted stores. Even with this precaution, there may still be many malicious apps/extensions that are not flagged by the official store (see my previous article on malicious Chrome featured extensions here). Thus, the best way to protect yourself is to have a browser native solution that can inspect and detect malicious extensions and downloads live.
4. Gift Card Scams
Gift cards are a popular holiday gift, and scammers take full advantage of their popularity. Scams can involve fake gift card websites, tampered gift cards in stores, or phishing emails pretending to offer free gift cards. A scammer might send an email claiming you’ve won a gift card, asking you to enter personal information to claim it. Another common tactic involves messages or social media posts containing a QR code that brings you to a fake login site.
Similarly, the best way to avoid this is to only purchase gift cards from trusted retailers, as well as have a browser native tool to help you detect any evasive sites mimicking login pages of legitimate retailers. QR codes are more challenging to handle as attackers know that most of our personal phones, which we will most likely be scanning these QR codes from, are completely unprotected. Thus, it is important that your browser security solution can also automatically check and block malicious QR codes from being scanned on your device.
5. Account Takeovers
Attackers often use the credentials they have harvested over the year or exploit weak or reused passwords, especially as people rush to create accounts for holiday shopping, to make unauthorized purchases during the holiday season. This is because it is especially difficult for banks and credit card providers to identify anomalous transactions during the months leading up to Christmas, as people frequently purchase gifts from multiple sites they may not regularly place orders from.
The best way to prevent this is to use a unique, strong password in every new site, perhaps using a password manager to help you keep track of everything. However, if you are like me and don’t trust yourself to be disciplined, a tool like SquareX can be that forcing function that prevents you from re-using passwords by blocking logins to sites that share the same password.
The holiday season is a time of joy and celebration, so don’t let cybercriminals ruin them for you. Now that you know about common holiday attacks, I hope that with the right precautions and tools in place, you can focus on the festivities and make lasting memories with your loved ones. Stay vigilant, stay secure, and have a happy holiday season! 🙂
Silent Hacks, Deadly Nights: Protect Yourself from Holiday Cyber Threats was originally published in SquareX Labs on Medium, where people are continuing the conversation by highlighting and responding to this story.
*** This is a Security Bloggers Network syndicated blog from SquareX Labs - Medium authored by Audrey Adeline. Read the original post at: https://labs.sqrx.com/silent-hacks-deadly-nights-protect-yourself-from-holiday-cyber-threats-a8cf6abefded?source=rss----f5a55541436d---4
