Don’t Let Cybercriminals Ruin Christmas, Says ESET

Guest written by: ESET

For many, Christmas is the most wonderful time of the year – but find oneself a victim of an online attack and the season may turn sour. With spirits and internet usage at an all-time high there’s no better time to lure a victim online – but don’t worry; ESET’s gift to its users this Christmas is the gift of knowledge, as we share defenses against these 12 threats.

1. Phishing: It may be the season of goodwill but that’s certainly not the case when it comes to cybercriminals. Phishing attacks usually occur via email and see users receive an authentic-looking email from a bank or organization luring them to enter their personal details on a similarly authentic-looking website.
2. Adware: You may have noticed that after you search for an item online, it starts to pop up on other websites you visit. This is known as adware, and is customized for users and may be monitored by spyware. While one may think these adverts are there to remind users to complete their Christmas shopping, the innocence of the pop-up is questionable.
3. Mobile Malware: If there’s one piece of technology that gets a lot of usage of the festive period, it’s the mobile phone. Unfortunately, it’s no safer than desktops or tablets thanks to the rise in mobile malware. As Lukáš Stefanko, malware researcher at ESET, recently said: “Mobile malware is a huge problem. [Because] users have more personal and sensitive information on their smart devices, including text messages, contacts, photos, emails etc, [they are increasingly under threat].”
4. Smishing: Most of us are aware of phishing attempts over email but what about phishing attempts over SMS? Typically, one will receive an SMS apparently from a trusted source – like Apple or a friend – advising users to click on a link and enter personal details. However, that SMS is forged and not from that trusted source at all.
5. Identity Theft: Busy sharing all of festive plans and holiday travel online? Think before it is posted. Simple details about one’s lifestyle can allow a cybercriminal to gather personal information and even trick users into giving out more. Social media websites are a gold mine of information for identity thieves.
6. Spyware: He sees you when you’re sleeping, he knows when you’re awake … It’s not Santa Claus we’re talking about, it’s the cybercriminals behind spyware – secretly installed malware often installed after a file is downloaded or pop-up is clicked. Spyware can monitor users’ keystrokes, read files, access applications and more – transmitting all the information back to the person that controls the spyware.
7. Spam: If shoppers been busy ordering all their Christmas gifts online, they may find themselves receiving even more unwanted emails than usual. Most of us receive spam, and although it’s not always something to worry about, it can be used to send malware.
8. Pharming: Like phishing, pharming is a type of online fraud but doesn’t require user to click on a bogus link sent via email. Instead, a user is redirected to a malicious site – despite having typed the correct web address. This year, up to 40,000 Tesco Bank users became victim to pharming attacks and 20,000 had their money stolen.
9. Ransomware: With the rocketing costs of Christmas, ransomware is one type of malware one won’t want to be faced with this December. It’s a type of malware where cybercriminals encrypt a device/information, demanding victims pay to have their devices/information returned to them.
10. Wi-Fi Eavesdropping: Doing a spot of festive shopping at a local coffee shop? Remember that not all internet connections are secured – which is to say encrypted – and that someone may be listening in and collecting your information. When transmitting payment details across unsecured networks, they can end up in the wrong hands.
11. DDoS Attacks: A Distributed Denial of Service (DDoS) attack can take the fun out of things like online shopping and gaming as it makes a service unavailable after flooding it with traffic from multiple sources. DDoS attacks have been cited as stealing Christmas for many – especially in 2014, after knocking PlayStation Networking and Xbox Live offline.
12. Password Security: The importance of a secure password has never been greater. Cybercriminals crack passwords for so many reasons – whether it’s to gather personal information about user or to commit fraud. If users receive a new device this Christmas, make sure to replace the default password with one that’s more complex.

While there are plenty of threats to be aware of, sensible online behavior and a cautious attitude will help ensure all that the yuletide celebrations run as planned.