News Security awareness

5 Christmas gifts your users should watch out for

Every Christmas, it’s the same; cybercriminals use digital Christmas cards and greetings to infect and trick users. The threats and scams are not unique, but the attacks are more frequent and increasingly sophisticated. Nimblr lists five of the most common “Christmas camouflaged” threats.

During the Christmas season, lots of digital Christmas cards and greetings are sent. At the same time, Christmas is one of the holidays when we do the most online shopping, search for appropriate Christmas gifts, and communicate with distant friends with whom we are not usually in touch.

Digital Christmas cards are becoming increasingly sophisticated and often contain software code, animations, or forms. Every year, cybercriminals exploit this to trick us out of our login details and credit card numbers or to infect our systems with malicious software code. In this article Nimblr lists five of the most common digital threats this holiday season.

  1. False delivery notices for shipments
    The festive season usually sees an increase in fake delivery messages, where cybercriminals want you to believe that a delivery has been faulty or delayed. The delivery messages may appear to come from several different shippers, such as FedEx, DHL, or Postnord, and often contain a link or an attachment that can infect your system. Avoid opening attachments or clicking on links in these types of messages. If you are unsure about the authenticity of a delivery message, you can try tracking the shipment ID listed in the message on the expeditor’s own website.

  2. Gift cards from banks and shops
    With fake messages from well-known companies, cyber crooks want to trick you into thinking that – through special Christmas offers – you have the opportunity to receive a Christmas bonus. To take advantage of the Christmas offer, you are directed to a website similar to a well-known bank or online shop, where you are asked to enter personal details such as your name, credit card details, bank account, etc. The information is used by the fraudsters to hijack your accounts or is sold on to other criminals.

  3. Fake shopping websites
    Through legitimate banners or spam mailings, you are tricked into shopping from fake websites. The websites often use well-known logos and products offered at bargain prices. You are enticed to order goods and pay by credit card, but the goods are never sent. Make sure that the links to the online shops you visit are genuine and that HTTPS sites have the correct certificates.

  4. Digital Christmas cards with malicious software code
    Fake Christmas greetings by email are common, asking you to click on a link to receive the Christmas greeting. These links often lead to websites that infect your systems. Legitimate Christmas greetings should, as a minimum, include the sender’s name and email address, but even these may have been stolen for use in the attack. Never click on links in emails that do not state the sender’s real name and email address, and never download anything from the page you are referred to.

  5. Fake charity campaigns
    Many charities hold campaigns during Christmas and people are often extra generous during the holidays. This is exploited by scammers who use the logos of well-known charities in fake mailings, asking you to provide personal details and donate money. The personal details may be used for identity theft and the money donated does not go to charity at all. Use the charities’ own websites if you want to donate to charity this Christmas.

    Nimblr’s Micro Training can be performed directly on the mobile phone or in the computer’s browser. No login details are required by the user, instead each user is identified through the unique link in the email invitation. The system also sends reminders to users who have not completed courses within a given time frame and continuously reports the completion rate to the administrator.