As we are approaching Christmas, many of us will be doing similar things; looking out for great deals online and then getting them delivered to our homes. This is not unique to Christmas but, when you also include Black Friday and Cyber Monday, it’s the time of year when we are very vulnerable to cyber criminals.
One of the most common reasons people give me for falling for phishing simulations is that they were in a rush. In the moment, they didn’t spot the tell-tale signs of a phishing attempt. At first glance, the email looked genuine - it appeared to come from their manager, from a trusted source, and the sense of urgency felt real. Cyber criminals know this and often exploit busy periods, such as the Christmas rush, to their advantage.
Here are 2 things to be extra cautious about during the holiday period:
- Is it too good to be true?
We all love a good deal, especially when it comes to buying presents. Cyber criminals know this and exploit it. Picture the scene, you are casually browsing social media and you see an advertisement for the Lego set you want to buy, and it is a quarter of the usual price. Before making a purchase, you need to ask yourself a few questions:
- Is this really a trusted website? Just because it’s advertised on social media that doesn’t mean it’s trustworthy.
- Is it really the website you think it is? Website spoofing is common and a small change in a URL can go unnoticed.
- Do they want far more information than is necessary to deliver your goods?
If you have concerns about the seller, research them. Look on forums, reviews, and seek out whether they are a legitimate seller. If the deal seems too good to be true, then it probably is.
- Delivery notification fatigue
When you buy items online, you’ll receive multiple delivery notices, via text or email, and telling them apart is often very difficult. Treat every text or email as suspicious as it’s a very common way cyber criminals will try and catch you out.
They know you will have delivery notification fatigue and that you are more likely to click their link. If you do receive a notification that you are unsure of, it’s important that you don’t click.
Instead, it’s best practice to visit the website via a Google search (avoid clicking on the sponsored ads) and check if they have any parcel-tracking or login to your account to get delivery updates. Just because the text or email appears to come from your usual delivery/logistics company, it does not mean that it has.
