Christmas scams return every year, like nougat, and cybersecurity experts in Spain have begun to warn of the danger that the Christmas holidays pose to people's savings. Cybercriminals increasingly use special dates to try to steal your money, and Christmas has become their most profitable season, because they try to take advantage of generosity and the festive spirit to deceive you.
Although it is still early to detect and analyze specific threats in depth, experts are making their cybersecurity predictions for this Christmas. The cruelest scam is the one that takes advantage of Christmas kindness through donations, but it is not the only one. Fernando Anaya, country manager at Proofpoint, urges consumers to remain alert and check the validity of emails, especially during the holiday season, to protect themselves against emerging risks.
The Cruelest Scam Uses Christmas Goodness
Cyberattacks are designed to prey on people's emotions, and those related to charitable donations are a good example of this. Attackers create fake non-profit organizations or websites that imitate well-known charities and use them in phishing emails, which continue to be successful year after year.
This holiday season, attackers are likely to use heartfelt appeals to donate food or help people who need shelter during the winter. Cybercriminals are also likely to pivot their campaigns by using current affairs as a decoy, taking advantage of humanitarian situations, natural disasters and conflicts. Attackers will use every channel at their disposal to deploy similar tactics in phone calls, social media, printed materials, and advertisements.
The best way to avoid impostors is to work directly with legitimate, established charities, typing their web address into your browser to contact them, rather than clicking on donation links in an unsolicited message.
Poisoned gift card
Gift card scams are a constant threat that intensifies during the holidays. This email attack is a social engineering tactic in which attackers pose as a high-level executive looking for help buying a holiday gift. These frauds take advantage of trust by playing on the victim's emotions. It all starts with a brief text message or email to feel out the victim; the attackers then ask them to purchase several high-value gift cards with company funds, or to pay up front with the promise of a refund. They will then ask for the card number and PIN to unlock it. In this case, it is advisable to contact the supposed sender through another channel to verify and validate the request.
Impersonation of well-known brands: a constant danger
The impersonation of well-known brands intensifies during times of high consumption such as Christmas. Cybercriminals imitate big brands or e-commerce platforms to trick consumers with fake offers. Although Proofpoint has seen an increase in adoption of the DMARC protocol to protect against phishing, users should remain vigilant and verify the authenticity of emails.
How AI can help scammers
Generative AI, an emerging technology, could complicate threat detection. Cybercriminals could use it to create more credible phishing emails that convincingly imitate legitimate companies. This includes crafting messages about offers and promotions, as well as fake shipping notifications, which are common during the holiday season. Because generative AI can produce realistic content such as emails, its use represents a growing challenge in identifying phishing attempts and other scams.
Be careful with company emails
Bypassing multi-factor authentication (MFA) is another technique that could see an increase. Attackers could intercept MFA codes through fake or compromised websites, taking advantage of the increase in traffic on courier company pages during this season. The advice here is to avoid clicking on suspicious links and to verify transactions directly with legitimate sources.
MFA is an additional layer of security that requires more than one proof of identity to access an account. The fact that cybercriminals can bypass it underscores the need for robust security practices and continuous verification of online transactions.