The festive season is upon us, a time for celebration, relaxation and a break. However, cybercriminals do not take a break; in fact, cyber fraud and cyber threats typically rise during public holidays, known busy periods and weekends. This has been confirmed by a study completed by Semperis, reporting that 86% of participants who experienced an attack were targeted during a weekend or public holiday.
During the festive period, it is important to remain vigilant despite the heightened distractions in your own or your team’s personal and professional lives.
This blog will cover some of the common cyber fraud and cyber threats that businesses face and some practical strategies to safeguard your business operations and personal cyber security.
Common cyber fraud and cyber threats during the festive period:
Social Engineering is the use of psychological manipulation of individuals in order to gain unauthorised access to something, such as systems, sensitive information or buildings. It exploits vulnerabilities in human nature and trust through various forms of digital and physical mediums. Successful social engineering attacks often rely on urgency, fear or curiosity to deceive victims.
Examples of this that you may encounter over the festive period include:
- Malicious QR codes. It’s no secret we all typically consume more and go out more in December than in other months of the year. Whether that’s consuming a wider variety of food and drink, shopping for gifts, attending Christmas parties or simply catching up with friends and family, there are plenty of reasons why. QR codes are becoming increasingly common in daily life and at events like these, with a 4x increase in creation between 2021 and 2024. They can be found everywhere, such as on tables in restaurants and bars for the menu, in car parks to pay parking charges, in print advertisements like leaflets and billboards and even on food packaging to provide detailed product nutritional information. This increase in use has seen an increase in misuse, known as ‘quishing’. Cybercriminals are covering legitimate QR codes with malicious ones that direct users to malicious pages, often designed to replicate the real thing. It is important to be careful when scanning a QR code and to double-check that the destination you are taken to looks as expected.
- Telephone fraud. Whilst these scams have existed for many years, they have evolved recently due to emerging AI technology. Cybercriminals are using artificial intelligence (AI) technology to clone people’s voices to further their fraud efforts. Be cautious of unsolicited calls from individuals claiming to be a trusted source, such as your IT department, bank or client, even if you recognise the voice. These scammers will try to deceive you into providing sensitive information or performing harmful actions such as changing contact or payment details on your internal systems. These scams have evolved
- Business Email Compromise (BEC). BEC is a type of cybercrime where attackers impersonate trusted individuals via email to deceive employees into completing a harmful action, such as revealing sensitive information or making a fraudulent payment. These attacks often target specific employees, such as those in finance, HR or executive roles. An example of this attack could be a spoofed information request from an executive, who claims to need it urgently before they go on annual leave for the Christmas break.
- Online shopping scams. Online shopping is very convenient for a variety of reasons; there is an increased choice, often allowing more competitive pricing and the convenience of being accessible from anywhere. However, it is important to be wary of fake online shopping sites that mimic legitimate retailers to steal information, including payment information. We recommend only purchasing from reputable retailers and using payment methods such as Apple Pay, Google Pay or PayPal, as retailers will then not have access to your payment card information.
Our top tips for safeguarding yourself, your team and your business against cyber threats
With many team members having sensitive work information on their personal devices, such as access to a company mailbox on a personal smartphone, the need to protect employees both in work and out of work should be a top priority for businesses.
- Conduct regular security awareness training. Provide a comprehensive cybersecurity awareness program for all employees, designed to facilitate a culture of security awareness. The program should provide education on the basics of cybersecurity, social engineering attacks, and the current rising threats. At CTRL-S, we offer our Cyber Wise service, which is designed from the ground up to facilitate a culture of security awareness in your business.
- Enforce regular software updates. Keeping software and devices up to date ensures that security patches are installed when available, making the application or device less susceptible to attack.
- Use secure Wi-Fi networks. Public Wi-Fi networks can be incredibly useful. However, they come with many security compromises, including data interception, which allows attackers to monitor your internet traffic; weak encryption, which allows attackers to track your usage; and usage logging by the provider.
- Have strong IT policies. Knowing who can access what data, from where, and with which device is critical for a business to know where its assets are. Making usage policies clear about what is acceptable ensures your business data is only accessible where intended and provides employees with a clear framework to follow so they do not accidentally cause an incident.
- Be cautious when providing data. When providing data, be cautious of the source. Always think about whether the data you are providing would be necessary to perform the desired task. When making payments, always ensure they are made to a trusted, secure site and pay with secure methods like Apple Pay, Google Pay, or PayPal where possible.
- Have an effective switch-off. Ensuring your business winds down for Christmas effectively will significantly decrease the risk of coming back to a nasty surprise in the new year. Stay tuned for our article next week, which will explore this in further detail.
By following these simple strategies, you can significantly reduce your risk of falling victim to a cyberattack this festive season and beyond. Remember, cybercriminals are always looking for new, creative ways to exploit vulnerabilities, both technical and human, so it’s always important to stay vigilant and proactive in your cybersecurity efforts. Follow us on LinkedIn for regular updates and our ‘review of the week series’ where Technical Director Matthew Jones discusses the threat landscape, relevant events, top tips and an insight into CTRL-S.
Finally, happy holidays from CTRL-S and stay safe! If you would like to discuss anything further with our expert team, don’t hesitate to get in touch.