Cybercriminal tactics change, evolve and escalate every year-end, but good cyber hygiene tips bear repeating now and all-year-round…

Every year, especially during the November to December/Jan festive period, people fall victim to online scams amounting to millions of lost dollars.

Last year, the most popular holiday, according to the FBI, were phishing scams, including voicemail-based phishing (vishing) and SMS phishing (smishing). Another favorite of cybercriminals was to send out “non-payment” and “non-delivery” emails to phish for victims.

This year, phishing remains the number one tactic used by cybercriminals for a reason. According to Stu Sjouwerman, CEO, KnowBe4: “As humans, we inherently trust requests coming from people and institutions that we know. This is generally exploited by cybercriminals through spoofing email addresses and phone numbers. Phishing is even more prolific during the holiday season as people tend to lower their defenses.”

This festive season (and all through the new year), do keep these cyber hygiene tips (adapted from the recommendations by the firm) in mind:

    • Trust no email without exhaustive checking!
      Exercise caution when clicking on links or opening email attachments, even if they come from familiar or regular sources. Watch out for emails (phishing), text messages (smishing), phone calls (vishing), or voicemails that try to convince you into revealing personal or financial information. Always verify the legitimacy of requests (do it offline if necessary) before providing any sensitive information.
    • Verify before you buy
      When shopping online, make sure you are dealing directly with reputable sellers and websites, and not through referral links that could be rigged or hijacked by fraudsters. Double-check seller reviews and ratings, but know that even these can be artificially jacked-up with fake endorsements and shady marketing services. Be wary of deals that seem too good to be true. If possible, use a credit card or trusted payment platform that offers buyer protection. Even better, use a debit card with minimal funds specifically topped up only when necessary. Avoid clicking on links in emails or social media ads: instead, navigate manually to the legitimate sites you want to buy from, or those trusted sites that you have already bookmarked.
    • Cybercriminals attack your instincts
      Cybercriminals know that if something feels off or too good to be true, you may trust your instincts. So they will go to great lengths to stop you from reacting cautiously to your instincts. To stay safe, never be rushed into any deal, and ensure that your instincts are on a “doubt-first, commit later” frame of mind. Take a step back, pause, and thoroughly scrutinize the situation or offer before making any decisions. Teach yourself to be suspicious of any messages containing a “stressor” — something that tells you to “act NOW! or else negative consequences will happen”. Most professional messages, even if they need you to respond quickly, rarely contain threatening “Do it now or else” tone of voice.
    • “Delivery failure” scams await you
      Be particularly mindful of delivery note scams this time of year, because when we order more things online, we expect these types of messages and are more likely to believe the contents when we should not.
    • Conduct your own due cyber diligence
      Always research and verify investment opportunities before committing any funds. Consult with a licensed financial advisor or conduct your own due diligence to ensure the legitimacy of the investment opportunity and the individuals or companies involved. In addition, know that even with your best efforts, you cannot rely totally and solely on yourself to keep secure online. It is crucial to utilize strong additional cybersecurity measures such as firewalls, virtual private networks, anti-malware/phishing software; and regularly monitor your investment activities for any unusual patterns.

Additionally, cyber diligence needs to be kept updated. Stay informed about the latest scams and techniques used by cybercriminals by subscribing to various newsletters. Regularly review guidance from trusted sources such as law enforcement agencies, cybersecurity organizations, or consumer protection agencies.