The Christmas period is when we all tend to increase our online shopping, especially for those Black Friday and Cyber Monday deals. Unfortunately, this in turn gives hackers a greater opportunity to scam unsuspecting buyers. Not only that, but the Banking and Payments Federation Ireland (BPFI) reported that card fraudsters stole nearly €45 million through frauds and scams in the second half of 2021, which was a 50% increase from that period in 2020. The National Cyber Security Centre (NCSC) released their Seasonal Cyber Awareness report to warn Irish shoppers of the dangers they could face in the Christmas season.
What are the different types of these scams?
They reported that email phishing is the most common type of cybercrime, but there’s also SMS phishing (or ‘smishing’) where malicious links are embedded in popular message and social media apps. Other common attacks are:
- Fake refund or shipment tracking sites that steal and keep your details like your username, password, and credit card details. The success of these tactics is based on the increased urgency people feel to track their purchased goods in order for them to arrive in time for Christmas.
- Business Email Compromise (BEC) where hackers pretend to be a company’s CEO or other senior executive in your business. They send emails to employees asking them to buy a physical gift card and send the code on the voucher to them. They claim that it’s for staff bonuses or gifts for a client so as to remain unsuspecting.
- Christmas messages from untrusted sources asking a user to click a link, play an audio or video file, etc. Even if you trust the source, they may have been compromised so the NCSC warns to always be vigilant, especially when the number of these types of emails increases greatly.
What do I do if my details have been compromised?
The NCSC recommends to:
- Contact your bank or credit card company.
- Report the crime to your local Garda station.
- Reset your login details for the affected accounts.
Here’s more security advice:
- Research who you’re about to shop from and ensure they’re trustworthy. Read their online reviews and sales history.
- Use a credit card or a virtual credit card when purchasing online. Some companies like Revolut allow you to create a one-use card so you can keep your main credit card safe.
- Never send credit card details by email.
- Where possible, type in the URLs to sites you want to visit, rather than clicking on links. This brings you straight to the site without having to click the malicious link.
- Watch out for fake websites that looks the same as another one, but re-directs your payment to a different account (and will not ship what you wanted to purchase). Check the URL or contact the vendor if you’re suspicious of the trustworthiness of the site. Also, check that the URL begins with ‘HTTPS’ rather than ‘HTTP’ as the ‘S’ guarantees that they have an SSL Certificate. We cover what exactly an SSL Certificate is over on our website.
- Use a strong password. Make one that’s at least 12 characters long, complex, has numbers and symbols, and not re-used.
- Watch out for invoice re-direction or Business Email Compromise (BEC) fraud that’s common at this time of year. This is where you may get emails from vendors or clients notifying you of a change of bank account and requesting payments made into the new account. There is a high chance that this “new account” is the hacker’s account.
- Be cautious of public WiFi as it is often targeted by scammers. Never enter your bank account details when connected to a public WiFi, and use your mobile network or your hotspot instead. The NCSC advises the use of a secure and reputable VPN service if possible.
- Secure your accounts with 2-Factor Authentication. This means that every time you enter your password when logging into an account, a code is sent to your phone, so you have to enter that when logging in too.
- Use a reputable anti-virus software.
- If you have clicked a malicious link or app, then perform a factory reset on your phone (after backing up your data), contact your bank if your details are compromised, and reset passwords on accounts you used after you installed the app.
There’s even more tips on the NCSC website, and for other cybercrime advice go to the Garda Cyber Crime Bureau, FraudSMART and Europol.