‘Tis the most wonderful time of the year for friends, family, and cyber criminals alike. 
 
As many cosy up by the fireplace, shop for gifts online, and plan outings over the holiday season, the global surge in e-commerce activity sets a prime opportunity for cyber criminals to steal your personal data. 
 
The only thing worse than a lump of coal for Christmas is discovering that your accounts have been compromised in a successful phishing attack, and at Onca Technologies, we’re committed to helping you keep your festivities worry-free. In our first blog entry, we’ll be discussing the most alarming cyber threats circulating this winter and provide top cyber security tips to protect you and your organisation against them.  
 
Phishing Scams 
Every year, retailers warn of cyber criminals that impersonate companies to steal customer data, including emails, passwords, and payment information. As promotional marketing increases towards Christmas, cyber criminals engineer convincing phishing emails that include promotional offers to lure recipients into opening a malware-infected link or insert their account details into a fake website. 
 
Delivery Smishing Scams 
Cyber criminals know it’s difficult for people to keep track of their expected parcels during the holiday season and seize the opportunity to impersonate delivery service providers. Threat actors have been known to send infected links via SMS disguised as a tracking information link, a missed parcel notification, or a failed payment for a parcel to hack your device. 
 
Public Wi-Fi Eavesdropping Attacks 
Although the offer of free Wi-Fi can be hard to resist, many public wi-fi hotspots are not end-to-end encrypted, which may put you at risk of an eavesdropping attack. Personal Identifiable Information (PII) revealed during your activity on the network, including accessing work emails, bank accounts, and personal messages, could be intercepted in a man-in-the-middle attack and used for nefarious purposes. 
 
Top Cybersecurity Tips 
Fortunately, the following cybersecurity tips can be adopted to safeguard against the cyber threats of the season. 
 
Remain Vigilant  
 
Always verify the sender’s identity and the legitimacy of any message you receive. Ask yourself: does the sender’s email address match the company they claim to represent? Does the promotional offer seem unrealistic? After hovering over the email link, does it lead to a different site than expected? If any of the above applies, report as phishing immediately. Although it is advised to check whether the email is written professionally, with the rise of AI assistive writing tools such as ChatGPT, be aware that this method is no longer a reliable indicator of legitimacy. 
 
Have Open Conversations with Friends and Family Members 
Discuss online safety with relatives, especially those that are vulnerable and less familiar with technology. Helping them recognise common scams can prevent fraud and identity theft. 
 
Avoid using Public Wi-Fi 
Avoid using public Wi-Fi networks – it’s better to be safe than sorry. 
 
Be Prepared with cybersecurity software 
Mistakes, such as using your work email for personal activities or accessing sensitive information on public Wi-Fi networks, can open doors to a cyber-attack not only for you, but also your organisation. An awareness of how cyber threats operate is only the first part of a two-fold layer of defence; the second is to install a trusted, robust cyber-security software that can prevent attacks that have never been seen before on the web (zero-day attacks). Zero-day attacks cannot be detected by generic anti-virus software, and thus adopting a sophisticated cyber security software to work in tandem with your standard anti-virus software is paramount to prevent cyber threats from infiltrating your system should a mistake occur. 
 
Knowing what software you need or who to trust when adopting cyber security measures can be daunting, but our expert team at Onca Technologies are here to help. Our team will identify your company’s cyber vulnerabilities and implement tailored security measures through our Digital Risk Protection (DRP) service. If you are worried about any of the cyber threats discussed in this blog, including phishing, smishing, impersonation, and email compromises and how they may affect you or your business, we’ve got your back.