As the Christmas lights start coming on, work starts to slow down for the season and shops are bursting with everything from festive fashion to gifts galore, the run-up to Christmas can be an exciting time as everyone gets ready for the main event.
With Black Friday coming on Friday 24 November 2023, it's a wonderful time for Christmas shoppers to pick up some bargains, but it's also prime time for cyber scammers, who are always thinking up new opportunities and imaginative ways to part unsuspecting shoppers from their hard-earned money, and who target businesses to steal valuable data and cause chaos to their systems at what is, for many, their busiest time of year.
Cheltenham-based cyber expert, North Green Security, is giving Gloucestershire SMEs and shoppers the gift of knowledge this festive season, sharing some of the most common cyber scams to look out for — and some top tips on how to avoid falling victim to them.
According to the National Cyber Security Centre, the average cost to each person who fell for a Christmas cyber scam in 2021 was £1,000, but for businesses the costs can be much greater. Ransomware attacks increase over the festive period — and with downtime costing small businesses up to £400 per minute, it's more important than ever to be extra vigilant at this time of year.
For employees who like to squeeze in a spot of online shopping on their work PC during their lunch break, it's vital they know to look out for fake or cloned websites and phishing scams, as these could put the entire organisation at risk, quickly spreading malicious software and compromising the entire network.
During the festive period, many people will be expecting parcel deliveries either to their home or work address — and scam emails and text messages claiming to be from legitimate businesses about upcoming deliveries are a common way for criminals to get people to click on links and visit fake websites. These kinds of criminal campaigns have already begun this year, with the team at North Green Security having already reported several to the authorities. For businesses, it's important that staff are on the lookout and know to check where messages have come from and never to click on, or respond to, any message if they're not sure who the sender is or what it relates to.
Malicious websites imitating real websites are another common scam, along with fake charity campaigns and social media shopping cons. Staff should always check things like URLs or email addresses and think twice before clicking, because if an offer sounds too good to be true, it probably is.
Criminals can also take advantage of people's festive spirit, so businesses should also be on the lookout for social engineering scams, where criminals send emails or messages that look like they've come from a director or a manager, asking the recipient to buy gift cards for colleagues or clients, or pay 'urgent' invoices for things like Christmas parties or gifts.
This 'urgent' theme and the perception that these messages have come from a trusted colleague are designed to deliver results for cyber criminals, so it's incredibly important to make sure that staff are aware of these kinds of scams and know to check the legitimacy of these emails before buying anything or sharing any kind of data.
Employee awareness is key to avoiding cyber scams which target individuals via email and text in this way — especially if your business operates on a skeleton staff over the Christmas period or takes on temporary workers who might not be familiar with the usual company policies. It's important to bring everybody up to speed on cyber security policies and provide the appropriate training, so everyone is aware of what to look out for, what to do in the event of a cyber attack and who to report any problems to.
For businesses which don't yet have a cyber security policy or training plan, North Green Security offers a variety of training courses to help, delivered in language that's easy to understand for everyone, even if they've got no prior cyber knowledge or experience.
For online and ecommerce businesses, the likelihood of being targeted by hackers increases over the festive season too. The additional personal and financial information being collected as Christmas shopping ramps up is an attractive prospect to criminals. It's vital to make sure your systems and data are properly protected — and that there's a continuity plan in place if the business does fall victim to a cyber attack, which could result in systems going offline, financial losses, reputational damage and regulatory fines.
Along with following North Green Security's 13 simple ways SMEs can improve cyber security, businesses can take the next step on their cyber journey by commissioning a penetration test to see how secure their system really is, with North Green Security's expert testers able to identify vulnerabilities and provide action plans to remedy them; or look into North Green's cyber security consultancy service, where they'll review your organisation's cyber security and put together a strategic plan tailored to your company's needs.
To find out more about North Green Security's pentesting and cyber security services, visit northgreensecurity.com.
If you or your business receives a phishing scam, you can report it to the National Cyber Security Centre by forwarding suspicious texts to 7726; forwarding suspicious emails to email@example.com; or reporting suspicious websites on the NCSC website.
If you or your business falls victim to a cyber attack where you're defrauded, report it to Action Fraud and your local police force.