The 12 Cyber Threats of Christmas

It may well be the most wonderful time of the year, but, unfortunately, cyber criminals are looking forward to the festive season too. They know that time out-of-office means it could be days before you realise your security has been compromised, and your business has been hacked. The increased likelihood of people being in a holiday frame of mind makes a cyber criminals task a good deal easier. Here at Reflective IT, we’re encouraging businesses to remain vigilant over the holidays.

The holiday season can be busy and distracting at the best of times, but combine it with the implications that Covid-19 has caused to businesses and the already significant increase in cybercriminal activity, it’s the perfect mix for hackers to strike without you knowing, until its too late and your security has been compromised.

Here is our Christmas run down of the 12 Cyber Threats we think you need to be aware of for your business this holiday season:

1. An unsecured public wifi or hotpot

Whilst it may seem like an extra level of convenience in the workplace, using unsecured WiFi or hotspots can really put your business’ security at risk. A public network is exactly that- anyone can be eavesdropping on your internet traffic. Keep things secure by using a VPN or tether from your mobile instead, especially for sensitive operations and messaging.

2. A phishing scam disguised as shipping confirmation

A type of phishing scam, it’s become a popular approach for online crooks, who are producing convincing fake messages purported to be from trusted companies. If in any doubt, check the company’s website to check on any order status, and never click on a link in the email itself.

3. A staff member unintentionally compromising your corporate security

Sometimes a data breach can come from an innocent mistake made by one of your own team. Mitigate the danger by ensuring all employees are fully trained in the latest cyber security protocols, and defend your business with scrupulous accessibility permissions.

4. A “There’s been a problem with your delivery” SMS

Another popular phishing scam, this sees victims receive a text informing them of a missed delivery, and the need to urgently get in touch. Clicking through can lead to malware or data theft, so never respond to such a message: instead, check the courier website itself for any delivery information.

5. A virus riddled Christmas eCard

An e-card can be a delightful seasonal message, but it can also be a tool used by hackers. Check the sender before opening such a card: if it’s not from a trusted contact, it could be sent by criminals, who use them to spread malware. Red flags include spelling mistakes, and attachments which end in “.exe” and even PDF cards that have malicious links in the attachment.

6. A fake branded seasonal offer

There are plenty of promotions running at this time of year, but be on guard against deals which come from clones of real brand websites. Look for spelling errors, unusual domain names (e.g. not ending in .com or, and never enter your details into such sites.

7. A gift card scam

You receive a message telling you that you’ve won a prize- you just need to share online and give them your details. The only prize is likely to be data theft, so avoid falling for this trick.

8. A charity scam

It’s good to give, but make sure donations reach a registered charity. Make sure your money goes to good causes- not criminals- by going to the charity’s website and not clicking through from a link in a message.

9. A watering hole attack

Criminals now profile their victims, and get to them via their favourite websites. Protect your network by installing software that alerts users to untrustworthy websites, or blocks access to those which have previously been compromised by security breaches.

10. A fake invoice and supply chain attack

If you receive an unexpected invoice, it could be another phishing strategy, so the same defence holds: never click on a link in such a message. Instead, contact the seller in a separate email or call to check the situation.

11. An internal HR holiday scam

Sometimes criminals take advantage of unusual festive staffing patterns and send fake emails to employees pretending to be from their own HR team- never click on links in such emails, as they will likely lead to malware being installed. Train all staff to do likewise, as such HR scams are proving highly successful for hackers.

12. Domain Name System (DNS) Attacks

Essential for any business, a domain name enables people to find you on the web. However, once a business stops paying for a domain name, that domain is then up available for anyone to buy and re-register. Hackers can then search and see which domains are up for grabs, re-register them, find previous emails registered in that domain and reset passwords, thus giving them unlimited access to sensitive files and data. Be aware of subscriptions that may expire over the holidays and take steps to keep your business safe from such threats.

The solution to festive IT security

Fill your stocking with: DNS protection from Cisco Umbrella, Anti-Virus End point protection and response, Multi-factor Authentication and wrap it all up with Cyber Insurance.

The best way to keep your business safe is to partner with the experts. At Reflective IT, we offer a complete range of services, solutions and staff awareness training for all of your organisation’s IT security requirements, tailoring our fully managed product suite to perfectly reflect the needs of your business. Why not discover how our leading IT support can help you, by getting in touch today on 0207 317 4535 or visit our security services page here for more info.

Posted in Security services.