Don’t let your cyber guard down this festive season if you don’t want to be targeted by online hacks, spoofs, and scams. This is how to protect yourself.
As parts of the world are bracing themselves for the holiday rush, buying gifts, preparing to travel, and spending time with loved ones, experts are warning of a spike in seasonal cybercrime.
According to findings by cybersecurity company Darktrace, ransomware attacks over the holiday season increased by 30 per cent every year from 2018 to 2020, compared to the monthly average.
For Ed Skoudis, the president of the SANS Technology Institute College who trains cybersecurity experts, the reasons for this rise are manifold.
“There are so many things you are doing during the holidays: parties, presents, shopping, this and that. You have less time and attention to be on guard and criminals know this,” Skoudis told Euronews Next.
The flow of money during this period also truly makes the end-of-year holiday “the perfect time of the year for criminals,” according to the expert.
Cybercriminals are targeting both individuals and companies, at a period where staff shortages mean firms “have their guards down,” according to privacy-focused tech company Proton.
With big amounts of data, such as credit card information, being churned by online retailers, criminals are also aware that attacks have a higher chance of yielding personal information that could be used for scams according to the tech firm.
Cybercrimes to look out for over the holidays
As online shopping reaches its yearly paroxysm, so do “phoney order confirmations from major e-commerce companies”. When in doubt, experts urge users to refrain from clicking on links.
Those on the road should also exercise caution when connecting to airport WiFi or public networks because personal data can be diverted and devices can be corrupted.
“Using a VPN is the best protection users can have when connecting to a public WiFi network (because it) will encrypt their network traffic. Even if someone is intercepting their data, they still cannot see it without decrypting it,” a Proton spokesperson told Euronews Next.
Skoudis also recommends being particularly careful about voice cloning, a spoofing technique that’s been on the rise with the emergence of AI for all.
“If I can get a minute or so of audio of someone, I can feed that into an AI and train it up, and then I can make you say anything I want,” said Skoudis.
“Imagine a criminal calls your family with your voice, saying ‘Oh, my gosh. I’ve been in a car crash and I need you to call this number immediately’. The person you call will confirm the events, saying they’re a doctor, and they’ll ask for medical records or put you through the billing department that will ask for a credit card to be added on file,” he explained.
“It’s really insidious and it pushes people’s buttons,” the cyber expert noted.
How to secure your online accounts ahead of the holidays
While cyber hygiene always calls for the use of strong passwords, up-to-date software, and multi-factor authentication, extra measures can be taken ahead of the merriest time of the year.
The SANS director, who has put together the 20th edition of Holiday Hack, an online game for raising awareness on cyber security for users of all levels, says one of the most important measures is to have access to email addresses used as backups of main mailboxes.
“I urge everyone to double-check that they still have access to their backup email accounts for their primary email account,” Skoudis said.
“So many accounts send an email to your primary email address if you’ve forgotten your password. But what if you can’t access your primary email address?” he asked, highlighting that password requests for main accounts usually land in the backup mailbox.
The expert said that an attacker could even log into your main email account and change its password, leaving you locked out if you’re unable to access your backup account to which an ‘I’ve forgotten my password’ message would be sent.
“It’s a great thing to double-check for the holidays,” he said.
On the more practical side, the expert also recommends saving bank and credit card numbers on phones, so that they can be reached in case of scamming.
“An email comes in and you click on it and you get scam. Two minutes later you’re like, ‘crap, I just got a scam’. Call the credit card company and the bank right away. The sooner you act, the less likely they’ll be able to transfer the money,” he concluded.