On the eleventh day of Christmas,
the malicious actors gave to me,
Eleven Data Breaches,
Ten Naughty Support Calls,
Nine Spoofed Delivery Notes,
Eight Dodgy Wi-Fis,
Seven Infected Greeting Cards,
Six Fake Charities,
Five Suspect Gift Cards,
Four Dodgy Retailers,
Three Investment Scams,
Two Fake Profiles,
And a phishing email in my inbox
11. Personal Data Breaches:
What to watch for: Data breaches that expose personal information, such as contact or financial information. This may also include your username (email) and password. Look out for:
Unexpected account activity
Strange emails or texts claiming to be from known services
Unfamiliar transactions on your accounts
Login attempts from unknown locations
TIP: regularly check haveibeenpwned.com to see if your data has been compromised.
How to protect yourself: There are various actions you can take to manage the impacts of a breach of your personal data:
Monitor your accounts regularly for unauthorised activity and consider using a credit monitoring service.
Do not reuse passwords across different services (or at the very least consider using different passwords based on trustworthiness of the site).
Better still, use a password manager
Always use Two-Factor (also known as Multi-Factor) Authentication. Avoid using SMS-based Two-Factor wherever possible.
Be cautious with sharing personal information online
Keep software and apps updated
Be extra vigilant for follow-up scams
10. Tech Support Scams:
What to watch for: Let’s be frank, unless you are talking about your company’s technical team and company devices, no-one is monitoring your devices and proactively wanting to protect you. Look out for:
Unsolicited tech support calls or pop-ups claiming to detect malware on your computer.
Callers creating urgency or fear about your device's security
Requests for remote access to your computer
Pressure to purchase unnecessary software or services
Demands for payment in gift cards or cryptocurrency
How to protect yourself:
Be cautious of unsolicited tech support calls or pop-ups
Do not click on any links associated with these notifications
Never provide personal information or remote access to your computer to unknown callers
Hang up immediately if you suspect a scam
Report suspicious calls to Action Fraud
9. Spoofed Delivery Notifications
What to watch for: Fake notifications that appear to be from legitimate carriers, often linking to malware or phishing sites. These may also be in the form of a physical card with a QR code to scan. Look out for:
Unexpected delivery notifications (from carriers or senders you don't recognise)
Suspicious sender email addresses
Requests for personal or payment information
Generic greetings (Sir/Madam)
How to protect yourself: It can be hard to spot, especially when you may be expecting so many deliveries coming up to Christmas:
Consider whether you are actually expecting a delivery.
Check the sending email address by hovering your mouse over the sender's name.
Look up the delivery company’s details through their website and contact them directly to confirm if this is legitimate.
Use official apps to track delivery
If in doubt, do not scan QR codes or click on links.
8. Public Wi-Fi Scams:
What to watch for: Spoofed public Wi-Fi networks that can be used to intercept data.
Fake Wi-Fi networks mimicking legitimate ones
Man-in-the-middle attacks stealing your data
Password and banking details interception
Malware distribution through compromised networks
How to protect yourself: If you use public Wi-Fi:
Use a VPN when connecting to public Wi-Fi
Verify network names with staff
Avoid accessing sensitive information on public networks
Enable your phone's mobile data instead when possible
Ensure you are accessing a site securely: check for 'HTTPS' at the start of the website address
7. Malware-laden Holiday Emails:
What to watch for: E-cards or greeting cards containing malicious links or attachments. Be suspicious of:
Unexpected e-cards from unknown senders
Pressure to open immediately
Generic greetings or odd sender addresses
Requests to download software to view the card
How to protect yourself: Be cautious of unsolicited e-cards or greeting cards, especially those with attachments or links. Avoid clicking on links or opening attachments from unknown senders.
Verify the sender through another channel
Hover over links before clicking
Use updated antivirus software
If in doubt, throw it out! (bin it)
6. Fake Charity:
What to watch for: Fake charities soliciting donations, often using emotional appeals. Look out for:
Urgency to donate immediately
Only accepting specific payment methods (like wire transfers)
Spelling errors in charity names or communications
No registered charity number
Unsolicited contact via email or social media
How to protect yourself: Research charities on the Charities Commission website before making donations. If you want to donate, do so through their official website, not links in their emails, and use secure payment methods. Do not be manipulated into making donations through undue emotional pressure.
5. Gift Card Scams:
What to watch for: Requests for gift cards to be purchased to make payment for goods or services. These could appear to come from the government, a family member, a utility company, or as part of a romance fraud, as well as others.
Also watch out for too-good-to-be-true gift card deals.
How to protect yourself: Be wary of requests for gift card payment, especially from unknown or suspicious sources. Legitimate businesses typically don't request gift card payments.
If you are buying gift cards for yourself or others as a gift, then do your research, make sure you are using secure payment options, and buy them from reputable sites.
4. Fake Online Shopping Websites:
What to watch for: Counterfeit online stores that:
sell goods at suspiciously (too good to be true) low prices
use pressure tactics ("Only 1 left")
have an unsecured website (no padlock/https)
offer limited contact information or ways to contact the store
use odd or suspicious domain names
They may even impersonate real stores, using what looks like the same interface/shop front and logos.
How to protect yourself: Research online retailers before making purchases. Look for:
reviews (away from their site)
trust seals/padlocks
secure payment options
Trust your instincts - if it seems too good to be true, it probably is.
3. Investment Scams:
What to watch for: Unsolicited offers for high-return investments, often related to cryptocurrency, stocks, or other financial instruments. These could extend to Christmas Savings Club scams.
This includes the rise in deepfake (AI-produced) videos of trustworthy people promoting the (scam) investment. Recently Martin Lewis was impersonated in a video promoting an investment scam.
How to protect yourself: Research investment opportunities carefully and be wary of unsolicited offers or promises of high returns.
Speak to a reputable financial advisor to ensure your money is well invested.
2. Social Media Scams:
What to watch for: Fake profiles that may include phishing links, and fraudulent giveaways.
How to protect yourself: Be cautious of unsolicited messages and links on social media. Avoid clicking on links from unknown sources and be wary of offers that seem too good to be true.
Profiles are often set up to harvest contact information, or to gain likes and follows, which they later sell on with that profile.
If the profile looks like someone you know, double-check it is really them. For example, is there more than one profile set up for that individual?
Do you have mutual connections?
How old is the profile? Has it recently been set up?
1. Phishing Emails:
What to watch for: Emails that mimic legitimate companies or individuals, often containing urgent requests, attachments, or links. Some examples include:
Failed payment for a service such as Netflix, Disney+ etc
Account suspension or suspicious activity on your account
Missed Delivery Notification
How to protect yourself: Be cautious of unexpected emails, especially those with attachments or links. Verify the sender's address and avoid clicking on links or opening attachments from unknown sources.
Double-check sender details through a trusted source, like their website. If in doubt, contact them using contact information from their website or a trusted phone number. Do not use details within the email itself.
However you spend the festive period, make sure you stay vigilant and look for signs of the Twelve Frauds of Christmas. This will ensure you can enjoy a safe and joyous festive period.
Check back tomorrow for the last update of the Twelve Frauds of Christmas.