Cybersecurity Tips for Safe Shopping: Stay Safe Online This Black Friday and Christmas

Cybersecurity threats are becoming more sophisticated, posing risks to individuals and organisations alike. A simple email, text message, phone call or wrong QR code can be the starting point of a devastating scam. Understanding what these scams are, how to recognise them, and how to avoid falling victim is crucial for safeguarding your personal and financial information, as well as your organisation’s database. A breach could allow hackers to compromise sensitive data or infect systems with malware.

As we mark Cybersecurity Awareness Month, here are some critical insights into how to safeguard yourself against these threats, as well as tips on avoiding scams through SMS, phone calls, email and QR codes. With cybercrime on the rise globally, it’s crucial to stay informed and vigilant.

What Is Phishing, Vishing, Smishing and Quishing?

Phishing

Phishing involves fraudulent attempts to obtain sensitive information such as usernames, passwords, and credit card details by acting as a trustworthy entity. This typically occurs via email, where attackers create realistic-looking messages that prompt users to click on links or download attachments.

  • Unusual Sender: Check the sender’s email address carefully. Legitimate organisations usually have official domains.
    www.google.com vs www.go0gle.com (using a zero instead of an “o”)
    www.amazon.com vs www.amaz0n-security.com (mixing the brand with urgent extra words)
  • Unusual Domain Extensions: Some phishing sites use less common domain extensions.
  • Generic Greetings: Phishing emails often use generic greetings instead of addressing you by name.
    “Dear [Your Name], Thank you for using our service.” vs “Dear Valued Customer, we need your attention immediately!”
  • Urgent Language: Scammers often create a sense of urgency, claiming your account will be suspended or that immediate action is required.
    “Your account has been updated successfully.” vs “URGENT: Your account will be suspended unless you verify your information within 24 hours!”
  • Suspicious Links: Hover over links to see the actual URL before clicking. If it looks strange or unrelated, do not click.
    “To reset your password, please visit: www.securewebsite.com/reset” vs “To avoid account closure, click here: www.untrusted-link.com/verify”
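
The sender and link checks in the list above can be automated. The following Python sketch is an added example, not part of the original article; the allow-list, the look-alike character map, the set of common extensions, the function names and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example: a tiny allow-list, a look-alike character map
# and a short list of "common" extensions. Tune all three for real use.
TRUSTED = {"google.com", "amazon.com"}
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
COMMON_TLDS = {"com", "org", "net", "ie", "eu", "gov", "edu"}


def host_of(url: str) -> str:
    """Return the lower-cased hostname, tolerating links written without a scheme.

    Anything before an '@' is user info, not the site, so
    'https://www.google.com@login.example.test/' resolves to login.example.test.
    """
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def registrable(host: str) -> str:
    """Naive last-two-labels heuristic; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def check_link(url: str) -> list[str]:
    """Return the warning signs found in a link. An empty list means no rule
    matched, not that the link is safe."""
    host = host_of(url)
    domain = registrable(host)
    if domain in TRUSTED:
        return []
    findings = []
    normalised = domain.translate(LOOKALIKES)
    if normalised in TRUSTED:
        findings.append(f"look-alike characters imitate {normalised}")
    else:
        for trusted in sorted(TRUSTED):
            brand = trusted.split(".")[0]
            if brand in host.translate(LOOKALIKES):
                findings.append(f"brand '{brand}' used inside unrelated domain {domain}")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label may hide look-alike Unicode letters")
    if domain.rsplit(".", 1)[-1] not in COMMON_TLDS:
        findings.append("less common domain extension")
    return findings
```

Running `check_link` on the two look-alike addresses from the list reports the zero-for-“o” substitution and the brand embedded in an unrelated domain, while the genuine addresses return no findings.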

Vishing

Vishing, or voice phishing, is a variant of phishing that occurs over the phone. Scammers often impersonate legitimate organisations, such as banks or government agencies, and use social engineering techniques to convince victims to share sensitive information.

  • Unexpected Calls: Be cautious of unsolicited calls asking for personal information.
    “Hello, this is Sarah from XYZ Bank. We noticed some unusual activity on your account. Can you confirm your account number for verification?”
  • Pressure Tactics: Scammers often pressure you to act quickly. Legitimate organisations typically do not rush you.
    “This is John from the IRS. We have an urgent matter regarding your taxes. If you don’t respond immediately, a warrant will be issued for your arrest! Please provide your PPS number to resolve.”
  • Caller ID Spoofing: Be aware that attackers can manipulate caller ID to make it appear as though they are calling from a trusted number.
    “Hi, this is Mike from the Microsoft support team. Your computer has been sending us error messages. Can you provide remote access to help fix the issue?” (The caller ID shows “Microsoft Support,” but it’s a scammer.)

Smishing

Smishing combines phishing with SMS (text messaging). Attackers send fraudulent text messages that often include malicious links or prompts for personal information. The messages may appear to be from reputable sources, making them seem more convincing.

  • Unsolicited Text Messages: Be wary of texts from unknown numbers, especially those containing links.
  • Poor Grammar: Many smishing attempts contain spelling and grammatical errors, which can be a red flag.
    “Hello, your shipment is ready to delivery. Confirm at: [malicious-link.com].” (note the grammar: “to delivery”)
    or
    “Urgent!!! Your pacel has been delayed. Click here to confirm your info: [malicious-link.com]” (note the spelling of “pacel”)
  • Offers That Are Too Good to Be True: If a message promises large sums of money or exclusive deals, it’s likely a scam.
    “📦 Your parcel is on hold! Please verify your shipping details immediately to avoid delays: [malicious-link.com].”
    or
    “IMPORTANT: We were unable to deliver your package. To reschedule, please verify your address here: [malicious-link.com]”

Quishing

Quishing is a type of phishing attack that uses QR codes to trick users into revealing personal information or installing malware. Scammers embed malicious links in QR codes, which, when scanned by a smartphone, direct victims to fraudulent websites or download harmful software. Since QR codes are often trusted and widely used, attackers exploit them to bypass traditional security measures.

  • Suspicious or unknown QR codes: Appearing in unexpected places, emails, or messages without clear context.
  • Strange or unfamiliar URLs: After scanning, the website link looks odd or untrustworthy.
  • Requests for sensitive data: Immediately asking for personal information, login credentials, or payment details.
  • Urgency or pressure tactics: Scammers create a sense of urgency, like claiming limited offers or account issues.
  • Lack of context: QR codes without accompanying information or clear purpose.

Prevent Falling Victim

Be sceptical: Always approach unsolicited communications with caution. If it looks strange, avoid it.
Verify the source: Contact the organisation directly using official contact information if you receive a suspicious email, text, or call.
Use security software: Antivirus programs and spam filters can protect you from phishing emails and malicious links.
Educate yourself and others: Stay informed about the latest scams and share this knowledge with friends and family.
Enable two-factor authentication (2FA): 2FA adds an extra layer of security to your accounts, making it harder for scammers to gain access, even if they steal your login credentials.
Inspect QR codes regularly: Check them regularly to ensure they haven’t been tampered with.
Use QR code scanning apps with previews: Choose QR code scanners that allow users to preview the URL before opening it.

Global and Local Impact of Cyber Crime

Cybercrime is a global issue with staggering financial consequences. Worldwide, phishing alone results in an estimated loss of over $50 billion annually. Ireland has seen a significant increase in fraud-related crimes, with a 370% rise in such incidents since 2021. The average financial loss per phishing case in Ireland can range between €2,000 and €50,000, with total annual damages amounting to €310 million.

Stay Safe During the Festive Season

As we head into the festive season and approach Black Friday, cybercriminals often ramp up their activities. Phishing, vishing, smishing, and QR code scams can turn your holiday shopping into a nightmare. Remember, being vigilant and informed is your best defence against cybercrime.

“Don’t let phishing, vishing, or smishing turn your holiday shopping into a horror show! Stick to safe clicks and avoid falling for cyber tricks!”

By staying alert and adopting security best practices, you can effectively guard yourself against evolving cyber threats. Phishing, vishing, smishing, and quishing scams can all be thwarted with a little vigilance and awareness. Stay informed, protect your data, and don’t let scammers spoil your holiday cheer!
