The Christmas holidays are fast approaching; individuals and businesses alike are winding down and setting out for a relaxing end to the year. However, one group of people are starting to pick up the pace, keen to work throughout the holidays and exploit what they have to offer. Cybercriminals across the world are gearing up for the skyrocketing online sales that come hand-in-hand with Christmas, as well as security laxity from businesses during this time. Essentially, the Christmas period is a “feast for threat actors”, according to security experts.

IBM estimates a notable increase of purchases made on mobile devices that account for 16.5% of all online sales. Mobile traffic made up nearly 30% of online seasonal holiday shopping. The downside, in terms of security is that cyber criminals will develop more malicious apps, or will strengthen phishing campaigns over mobile and social networking platforms. A multiplying number of services for online shopping are offered on those platforms and IBM predicts a significant rise of cybercrime, mainly interconnected to computer scams and identity theft.

Big box retailers are prepared for the wave of online shoppers. In the majority of cases, they have redesigned their mobile sites, launched new apps, and are offering some consumers customized shopping experiences on social networks and mobile platforms.

Cybercriminals consider the holidays to be a successful period to concentrate their activities. It’s crucial for internet users to consider the risks related to online shopping and avoid behaviours that could reveal them to fraud.

Dangers during the Christmas holidays

During the holidays there are environmental circumstances that could further expose Internet users to the risk of cybercrime.

• Be aware of holiday phishing, especially on mobile devices. During that period, the number of malicious emails that serve malware as an attachment or that contain links to compromised websites increases. Mobile platforms and social media are becoming a privileged channel to spread phishing messages. Phishing messages propose special offers, taking advantage of the holiday period that’s characterized by a spike of online shopping. As usual, cyber criminals attack customers of banks and other financial institutions by asking victims to confirm information related to their account for security purposes.
• Smishing messages direct victims to visit a website or call a phone number, at which point the person being scammed is enticed to provide sensitive information, such as credit card details or banking credentials. Malicious shipping notifications belong to this category of scam. Cybercriminals use it to send out fake messages to update customers on the status of their shipments. Usually, these messages include a malicious link or carry malware. During the holidays, internet users place numerous orders online, and the likelihood that they wait for shipping notifications is high. That’s why this scheme of attack is very efficient, especially during the holidays.
• Wi-Fi hotspots are dangerous hunting grounds for hackers. Users aren’t aware of the risks they are exposed to once they’re connected to insecure networks. The last Norton 2013 report highlighted potentially risky behavior on insecure Wi-Fi. The majority of users access their social network accounts (56%) and personal email (54%), and around 29% access their bank accounts, while many make online purchases (29%). That data gives an idea of the exposure users have on insecure Wi-Fi, but what’s really concerning is that more than a third of them don’t adopt any defensive measures, and incur bad habits during navigation (e.g. sharing passwords, not logging off after having used a public WI-FI connection). Almost every Wi-Fi hotspot is insecure. According to InfoSec ‘Out of the 31 Million hotspots evaluated, 25% of Wi-Fi networks have no encryption or password protection of any kind whilst 3% of hotspots use WEP (Wired Equivalent Privacy) to encrypt data, a protocol that can be “cracked” in minutes using tools freely available on the internet.’ Doing online shopping on these insecure Wi-Fi hotspots can ultimately to expose user accounts to identity thieves and scams. Be aware, antivirus and similar software won’t shield you on an open network, hackers are over your shoulders.

How to stay safe online during the holidays

Law enforcement and numerous organisations are sending alerts to internet users, cautioning them about cyber threats that are particularly serious during the holidays.

Bad habits, absence of defense mechanisms, and a lack of awareness of major cyber threats expose users to the risks of fraud.

The following are a few suggestions to help increase the level of security of users’ online experiences, especially during holiday shopping.

• Keep anti-virus software up to date: Before you start shopping, make sure all software on your computer is up-to-date, including your browser, the security updates recommended by your operating system and other apps you may use. This will stand you in the best stead for the approaching holiday shopping season. You can also run updates on your firewall and anti-virus software to make sure you have the most recent security updates. Don’t just update your laptop either. Make sure your tablets, phones and any other devices you use have appropriate security software and latest operating system updates on them also.
• Check your bank statements and be careful when using debit cards. Be extra diligent when checking your bank and credit card statements and report any foreign transactions promptly. If you want to carry out good practice for online transactions, use credit cards or a PayPal account that’s linked to a credit card. Banks have several safeguards to prevent fraudulent withdrawals, but if you card is cloned you’ll often have a delay before your money is returned whilst an investigation takes place.
• Don’t download apps for your mobile device from unrecognised sources. Always use official app stores such as the Apple App Store, Google Play and the Amazon App Store. Malicious apps could serve malware, and could be used by cybercriminals to extract sensitive data, bank accounts details, and hinder your holiday shopping. Be wary of “permissions” granted to any application you run on your device, applications must have only obligatory permissions. Always check the reputation of the app, looking for a secure device for your online shopping.

The Christmas period demonstrates a clear rise in cybercriminal activity targeted at businesses, individuals and organisations. Whilst security becomes particularly real and crucial during this time of year, the truth is that cybersecurity is important 365 days of the year. This requires consistent analysis of a business risk profile and the new methods being used in order to target customers. Actioning and acknowledging this will allow organisations and individuals best protect themselves against the current and materialising cyber threats.

If you would like to have a cyber-safe Christmas consider Salt Communication. We understand the security of mobile communications in today’s global business environment is paramount, that’s why Salt Communication is built with the features and technology to keep your communications private and compliant.

If you have any questions about this article, please contact us on marketing@saltcommunication.com and we’d be happy to assist you in any way.

About Salt Communications

Salt Communications, ranked in the top half in the Cybersecurity 500, provides a fully enterprise-managed software solution that enables absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. The Salt Communications Desktop and Mobile apps are intuitive and easy to install and use. The Salt Communications Communication Manager provides a console for tight management of users and can be configured for the management of regulatory compliance. Salt Communications is headquartered in Belfast, Ireland, for more information visit saltcommunications.com.