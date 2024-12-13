The numbers don't lie: the Christmas period is a favourite time of year for cybercriminals, coinciding with an increase in traffic and online shopping. For this reason, it is worth learning how to identify the main scams that occur at this time of year and the most effective methods for circumventing them.

Electronic greeting cards

Over the next few weeks, many companies and websites will send Christmas greetings to their customers or registered users. Taking advantage of the situation, cybercriminals are distributing colourful, interactive missives that actually contain malware designed to steal confidential information or to take remote control of our devices.

If the sender of an unexpected greeting is unknown to you, don't even bother to open the message: delete it.

False delivery notifications

Another inevitability of email inboxes at this time of year is the notifications of a shipment or an attempted delivery. Confident in the knowledge that they have several packages on their way, some people are quick to click on the links they contain without stopping to check whether the courier company matches the one assigned to one of their online purchases. Many of these URLs are, in effect, links to malware downloads or fraudulent payment gateways (with the excuse of paying a small customs fee or other additional charges).

Make a list of all products purchased with their respective shipping companies and tracking numbers to check against your inbox.

Cloned websites

By now we all know which online shops are trustworthy and which ones look bad. But don't count your chickens: criminals design websites to resemble those of the best-known shops, getting you to land on their site via clickthroughs from advertisements making impossible offers that have been posted on social media or Google links. If you end up making a purchase on one of these sites, it is better not to bother waiting for the product in question.

Cybercrime experts recommend checking for the presence of a padlock icon next to the URL of the supposed shop. On the payment page, we should also check that the address starts with 'https'.

Gift card payments

Are you about to buy your gifts from an online shop and the only method of payment accepted is with Amazon or iTunes (Apple) gift cards? Stop the transaction immediately: the criminals will grab the balance on the card and you will never hear from them again. Recovering your money in these cases is much more complicated than entering a credit card number or paying through platforms such as PayPal, which is why we are finding an increasing number of people affected.

If you want to use a gift card to pay for your purchases, do so exclusively on the official website of the company selling that product(s).

Job offers arriving out of the blue

With the Christmas rush, job vacancies in sectors such as logistics and hospitality are on the rise. As a result, the web is flooded with temporary job offers ready to be filled. The problem is that some of these demands are not real. They are used to request sensitive information from the interviewee (such as their current account number, social security number or a copy of their ID card, which is then used to impersonate them in criminal practices).

Before applying for a job offer, we must verify that the company exists and that it is indeed looking for personnel. For the latter, we can ask their human resources department directly, or we can go to the recruitment section of their website.

Suspicious charging points and QR codes

Many winter scams also take place outside the digital world, such as fiddling with the USB charging ports that we often find in crowded public places like parks, train or bus stations and airports. This is done to steal information - known as 'juice-jacking' - from the devices we connect in search of a charge (usually smartphones or laptops). It can also happen that they end up infected by malware planted specifically for this purpose.

We should also be wary of stickers with QR codes placed on top of the original stickers in hotels, shops and hospitals. They too might direct us to some of the fraudulent websites mentioned above.

Cybercriminals also get their hands on credit card readers at petrol stations or ATMs (cashpoint machines): they attach devices called skimmers to them, with which they obtain all your data.

Carry an external powerpack with you to charge your devices if necessary and go directly to the websites you are interested in instead of scanning QR codes. If for any reason you have to insert your credit card into a reader, always do so in well-lit, secure areas and check that the cash machine does not show signs of having been tampered with.

As additional advice, experts from cybersecurity firm Kaspersky recommend keeping the software on all our devices up to date and getting into the habit of checking our bank statements daily to detect any suspicious charges immediately.