How the Cyber Grinch Stole Christmas
The Cyber Grinch hated Christmas! The whole retail season! With Christmas fast approaching, he exclaimed “It’s practically here, I must find a way to stop Christmas from coming!”. He sat at his computer with his red coat and hat. ‘With this hat and this coat, I look just like Saint Nick’ he said with a laugh.
The Grinch’s Great Cyber Tricks
The Cyber Grinch, just like all savvy cybercriminals, can utilise multiple avenues to cause disruption. Therefore, it is important that individuals and businesses remain vigilant over the Christmas period.
Here are some of the top tricks the Cyber Grinch has up his sleeve, which could cause trouble this festive season:
Fraudulent Websites and Phishing
Cybercriminals can recreate fraudulent websites that look virtually indistinguishable from their legitimate counterparts. Victims are subsequently tricked into making fraudulent purchases. In these situations, brands often suffer significant reputational damage and customers are left out of pocket and without the gifts they ordered.
Phishing emails are another form of attack that is popular during the Christmas season. Emails appearing to be from trusted brands, and offering big discounts, trick individuals into clicking on rogue links and inputting personal data. Furthermore, Christmas e-cards appearing to be from friends, co-workers or family can be used to trick victims into clicking on links that download malicious software onto their device.
DDoS Attacks Causing Retailers Downtime
Online retailers can be targeted by DDoS attacks which cause website and e-commerce downtime, impacting customer trust and brand reputation. In addition, point-of-sale attacks, which involve attackers putting malware on sale terminals can be used to scrape financial details from customers that are subsequently used to make fraudulent transactions. As a result, retailers should take the necessary precautions, such as deploying the latest always-on, real-time, DDoS protection and having privileged access security in both their front-end devices and back end IT infrastructure.
Taking Advantage of Reduced Workforces
Attackers can also target businesses in this holiday period, when they are likely to have skeleton staffing of security teams and more employees working remotely. Therefore, cyber criminals may have a greater chance of breaching systems unnoticed and employees could be more susceptible to phishing attacks. Therefore, it is essential that businesses continue to practice at least basic cyber hygiene and protection during the holidays.
Avoiding Coal in Your Digital Stockings
The Christmas season is the busiest shopping period. It is also one of the busiest times for cybercriminals. From disrupting online retailers with DDoS attacks, to stealing personal details through phishing, and infecting networks with malware and ransomware, cyber threats take numerous forms over the Christmas period.
Therefore, it is important that you take appropriate measures to protect yourself against cyber criminals this Christmas season. There are various ways to remain safe and secure online during the holiday period, which include:
- Install the latest operating system, browser and app updates
- Choose strong and separate passwords for each online account
- Shop at established websites and type in the their web address directly, rather than following links in emails
- Keep an eye out for unauthorized payments and report any suspicious activity to your bank, or credit card company, immediately
- Make sure all your home gadgets have secure passwords
- Avoid using public Wi-Fi when shopping online
By keeping these in mind, the Cyber Grinch won’t be successful ruining Christmas just yet, and by taking precautions whilst online you can ensure you don’t become a victim of any of the Cyber Grinch’s tricks.
Sean Newman is VP Product Management for Corero Network Security. Sean has worked in the security and networking industry for twenty years, with previous roles including network security Global Product Manager for Cisco, who he joined as part of their acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.