Popular Tactics Cybercriminals Use Around the Holidays

The holiday season is often a joyous time with a lot of celebrations and get-togethers (mostly virtual this year), but it is also a time of increased cybercrime. Criminals try to take advantage of distracted employees and careless behaviors during the holidays. We usually see an increase in activity beginning around Thanksgiving and lasting into the New Year. Keep in mind that cybercrime is something you need to be aware of all year long, however these are a few of the popular tactics that we see most often around the holidays.


Maximize Distractions

During the holidays, there are a lot times when employees are distracted or “checked out” and not really paying close attention to email, website browsing, or phone calls. Times like the last few hours of the work day, when people are traveling, or the days in between Christmas and New Years when good security practices might not be top-of-mind for employees. Cybercriminals try to maximize these distractions by sending phishing emails or scam phone calls at times when people are more likely to fall victim.

What can you do?

  • Always remain vigilant and never forget your security best practices.
  • Frequently remind your employees or coworkers to not click links in emails or give any personal information away on the phone.
  • Send friendly reminders during peak distraction times like the end of the work day or between Christmas and New Years telling your team to remain vigilant.

Utilize Fake Tracking Links

Online shopping always peaks during the holidays – especially in 2020. Cybercriminals try to take advantage of this by sending phishing emails with fake tracking links. Oftentimes, these emails look very legit and people don’t hesitate before clicking the link. Sometimes these emails even include an attachment with a “shipping update”. Take a moment to think about how much you’ve ordered online in the last month. Have you kept a detailed record of what your ordered, when/if it shipped, and with what carrier it was shipping? Most people do not take the time to do this, and won’t question when they get an email with some kind of tracking link before clicking. It can be very dangerous!

What can you do?

  • Keep a record of what you order online and when it is supposed to ship. This will help you stay more organized and be less likely to randomly click on tracking emails.
  • Rather than click links in a tracking email, instead copy the tracking NUMBER and then go to a web browser and search that number. If it is a legitimate tracking number, then the carrier (and tracking info) will pop up in the search results.

Take Advantage of Careless Employee Behaviors

In a survey by Info-Security Magazine, “half of participants admitted to using a work-issued computer or mobile device for online shopping” during the holidays. Careless behaviors like these can lead to compromised credentials, virus-ridden machines, or worse. In the moment, it can be easy for an employee to just “make a quick purchase” on their work computer without necessarily thinking about security. Cybercriminals try to take advantage of this by attempting to lure people to compromised sites through fake ads or phishing emails.

What can you do?

  • If there isn’t one in place, establish a firm policy about what is and isn’t allowed on work-issued devices.
  • Remind your employees of that policy and make sure they understand the importance of security during the holidays.
  • Frequently remind employees of the need for continued safe security practices during the holidays

Create Fake Charities

People like to be generous during the holidays by donating to charities. Unfortunately, the bad guys try to take advantage of this by creating and promoting fake charities (or attempting to trick you by copying real charities).

What can you do?

  • Research any charities that you plan to donate to. You can search their name along with the word “scam” and see if anything shows up.
  • Only donate to reputable charities and do it by credit card so you can have a record of your transaction.
  • Don’t click on links in emails that appear to come from a charity. Instead, search that charity’s name on Google and go to their website. As always, check for an SSL certificate and make sure the site is secure before submitting any credit card or personal information.

If you have questions about security during the holidays or any time of the year, our team is here to help! Give us a call to chat with our security experts today. Happy Holidays!