Don’t let cybercriminals ruin Christmas: Beware these 12 threats

For many, Christmas is the most wonderful time of the year – but find yourself a victim of an online attack and the season may turn sour. With spirits and internet usage at an all time high there’s no better time to lure a victim online – but don’t worry; our gift to you this Christmas is the gift of knowledge, as we share defenses against these 12 threats.

  1. Phishing

It may be the season of goodwill but that’s certainly not the case when it comes to cybercriminals.

Phishing attacks usually occur via email and see users receive an authentic-looking email from a bank or organization luring them to enter their personal details on a similarly authentic-looking website.

We explained everything you need to know about phishing in one of our previous features, detailing what to look out for in order to avoid becoming a victim.

  1. Adware

You may have noticed that after you search for an item online, it starts to pop up on other websites you visit.

This is known as adware, and is customized to you as a user and may be monitored by spyware.

While you may think these adverts are there to remind you to complete your Christmas shopping, the innocence of the pop-up is questionable.

Back in October, a number of Spotify Free users got more than they bargained for with questionable website adverts. 

  1. Mobile malware

 If there’s one piece of technology that gets a lot of usage of the festive period, it’s the mobile phone.

Unfortunately, it’s no safer than desktops or tablets thanks to the rise in mobile malware.

As Lukáš Stefanko, malware researcher at ESET, recently said: “Mobile malware is a huge problem. [Because] users have more personal and sensitive information on their smart devices, including text messages, contacts, photos, emails etc, [they are increasingly under threat].”

  1. Smishing

Most of us are aware of phishing attempts over email but what about phishing attempts over SMS?

Typically, you’ll receive an SMS apparently from a trusted source – like Apple or a friend – advising you to click on a link and enter personal details. However, that SMS is forged and not from that trusted source at all.

Earlier this year, we discussed one of the Apple ID smishing attacks and advised what you should do if it happens to you …

  1. Identity theft

Busy sharing all of your festive plans and holiday travel online? Think before you post.

Simple details about your lifestyle can allow a cybercriminal to gather personal information about you and even trick you into giving out more.

Social media websites are a gold mine of information for identity thieves. Learn how to change your online behaviors and stay safe on Facebook with our cheat sheet.

  1. Spyware

He sees you when you’re sleeping, he knows when you’re awake …

It’s not Santa Claus we’re talking about, it’s the cybercriminals behind spyware – secretly installed malware often installed after a file is downloaded or pop-up is clicked.

Spyware can monitor your keystrokes, read your files, access your applications and more – transmitting all the information back to the person that controls the spyware.

However, it’s easier than you might think to spot tracking apps on your mobile phone.

  1. Spam

If you’ve been busy ordering all your Christmas gifts online, you may find yourself receiving even more unwanted emails than usual.

Most of us receive spam, and although it’s not always something to worry about, it can be used to send malware.

TorrentLocker, part of the crypto-ransomware family, is just one of the types of malware that has been spread via spam emails from legitimate-looking companies.

  1. Pharming 

Like phishing, pharming is a type of online fraud but doesn’t require you to click on a bogus link sent via email.

Instead, a user is redirected to a malicious site – despite having typed the correct web address.

This year, up to 40,000 Tesco Bank users became victim to pharming attacks and 20,000 had their money stolen.

We share the details of the attack and other websites targeted in one of our features published this November.

  1. Ransomware

With the rocketing costs of Christmas, ransomware is one type of malware you won’t want to be faced with this December.

It’s a type of malware where cybercriminals encrypt a device/information, demanding victims pay to have their devices/information returned to them.

There is a lot of debate about whether victims should pay or not, as ESET’s David Harley explored earlier this year, but with a proper backup strategy, including keeping those backups offline, there need be no debate in the first place.

  1. Wi-Fi eavesdropping

Doing a spot of festive shopping at your local coffee shop? Remember that not all internet connections are secured – which is to say encrypted – and that someone may be listening in and collecting your information.

When transmitting payment details across unsecured networks, they can end up in the wrong hands.

We cover this and all the online shopping advice you need in our Black Friday feature. 

  1. DDoS attacks

A Distributed Denial of Service (DDoS) attack can take the fun out of things like online shopping and gaming.

It makes a service unavailable after flooding it with traffic from multiple sources.

DDoS attacks have been cited as stealing Christmas for many – especially in 2014, after knocking PlayStation Networking and Xbox Live offline.

  1. Password security

The importance of a secure password has never been greater. Cybercriminals crack passwords for so many reasons – whether it’s to gather personal information about you or to commit fraud.

If you receive a new device this Christmas, make sure to replace the default password with one that’s more complex. Discover our password essentials and review all your passwords for 2017.

While there are plenty of threats to be aware of, sensible online behavior and a cautious attitude will help ensure all your yuletide celebrations run as planned.

Check out these top 12 tips on how to be secure this Christmas and beyond.

Author , ESET

Follow us

Copyright © 2017 ESET, All Rights Reserved.