E-commerce is anticipated to rise by 9.4% by 2024, forecasting to reach a staggering $8 trillion by 2027 for the first time, which is why following basic cybersecurity tips is important, especially during the holidays. As more individuals shop online, cybercriminals will have more opportunities to strike. Cyber scams are becoming more common throughout the holiday shopping season. As people continue with their holiday shopping and preparations, it’s critical to keep security in mind. To ensure a stress-free holiday season, people need to make sure their personal and professional information is secured. Here’s a summary of cyber threats around the holidays, and several cybersecurity tips to help people stay safe online:

Why Threat Operators Conduct Cyberattacks During Holidays?

Even though cyberattacks can occur any time of the year, they’re common over the holidays. There was a 200% increase in cyberattacks on e-commerce sites as the holiday season approached, with Amazon being the primary target. There are several reasons why threat operators target unsuspecting victims around the holidays. For starters, people are often more relaxed or in a buying frenzy around the holidays, and they’re less watchful. Additionally, they’re more inclined to utilize personal devices for professional purposes, or vice versa, possibly exposing even more sensitive data to cybercriminals and their scams. During the holiday shopping season, ransomware attacks are becoming more prevalent as they increase by 30% compared to regular months. More individuals online during the holidays is another reason why there’s an increase in cyberattacks. More individuals equal more possible targets and more opportunities for cybercriminals to break in.

Cybersecurity Tips People Should Follow During the Holidays

Being prepared for any cyberattack is a key aspect of cybersecurity. Here are a few cybersecurity tips that can imply the difference between people’s data remaining protected and being compromised:

1. Avoid Public Wi-Fi – Because public Wi-Fi requires no authentication, anyone, including cybercriminals, can use it. Cybercriminals can stand between users and the connection point and gain access to the data people send into the hotspot. Avoid using public Wi-Fi without password protection because it’s the least secure. If users need to use public Wi-Fi, use a Virtual Private Network (VPN) for the extra layer of security by masking their IP addresses and activities. Additionally, users are advised to avoid using public computers for online shopping, purchasing plane tickets, card transactions, or logging into personal accounts.
2. Avoid Phishing Scams – Holiday shoppers are sometimes targeted by phishing scams. Users should look out for signs of phishing scams, including urgent requests and odd attachments. According to research, threat actors begin 80-95% of cyberattacks using phishing. The shipping email scam is the most common phishing scam during the holiday shopping season. Users should never open any attached files or links if they receive emails that appear to be from shopping companies. It’s most likely malware.
3. Don’t Answer Calls Banks or Click on Links in Emails – Spam accounted for 56.5% of all emails in 2022, accounting for 122.33 billion global messages sent each day. Cybercriminals frequently send out fake emails or text messages containing links to malicious websites. If users receive emails or text messages from unknown senders, they shouldn’t click on the links. If users receive emails appearing to be suspicious, whether due to senders or the contents, users should utilize their email providers’ report tool to flag the emails. Users should do this before interacting with emails’ contents. During the holiday season, social engineering scams are also common. Most threat operators will masquerade as bank or credit card companies’ representatives and call users to report transactions on their cards. If it does happen, users shouldn’t jump into the conversation. They should hang up instead and call the number on the back of the credit card to ensure they’re speaking with real bank representatives.
4. Use Credit Cards – Users should use credit cards rather than debit cards when making online purchases, such as shopping or reserving a flight. If information from credit cards is stolen from data breaches, users can cancel the cards and request a new one. Users won’t be held accountable for any fraudulent charges, and the threat operators won’t have direct access to users’ accounts. When people apply for credit cards, it’s recommended to select one with zero-liability protection so that users aren’t liable for any unauthorized access. Debit cards don’t provide the same level of security. If threat operators obtain users’ debit card information, they can quickly deplete users’ bank accounts. If the threat operators succeed, putting the money back into users’ accounts may be difficult.
5. Use Secure Digital Wallets – If users are storing their card information in digital wallets, make sure the service providers have security measures in place. Even though the service itself minimizes the risk of keystroke logging or phishing, look for digital wallet providers that offer additional security features, including tokenization or biometric authentication. Apple Pay, Google Pay, and Samsung Pay are a few examples.
6. Always Review Credit Card Statements – People should always review credit card statements regularly when buying online or reserving hotels, flights, and activities for holiday travel. It will allow people to immediately identify discrepancies or unexpected or unauthorized charges. If people come across any, they report them right away. Additionally, it’s a good idea for people to set up notifications for any transactions or charges to their bank accounts. It’s important to avoid tossing away papers, receipts, invoices, and other documents containing credit card information and personal information. To prevent identity thieves from gaining access to confidential documents in the garbage, shred or burn them.
7. Keep Software Updated – People keeping software updated is one of the best methods to protect themselves from cyberattacks. It includes users’ operating systems, web browsers, and any other software that people use regularly. Updating software may appear to be a bother for people, but it’s critical to patch any security vulnerabilities identified by cybercriminals. Threat operators are always seeking new ways to exploit systems, and software updates will assist in keeping them at bay.
8. Implement Strong Passwords – According to a 2023 Data Breach Investigations Report, 81% of data breaches used stolen or weak passwords. One of the most important things people can do to protect their online accounts is to use strong passwords. Avoid using words or phrases that are easily guessed, including “12345” or “abcdef.” Most accounts now encourage combining letters, numbers, and symbols to create stronger passwords. Users should use unique passwords for each of their online accounts ensuring that a breach in one doesn’t affect the others.
9. People Need to Be Careful What They Share Online – People need to limit the amount of personal information they share on social media and other websites because cybercriminals can obtain peoples’ personal information by glancing at what they’ve shared online. People should avoid saving their credit card information on the Internet. Unless people sign up for an automatic payment service, manually inputting credit card information for each purchase is good practice. Even though it may appear time-consuming, it helps to reduce the likelihood of unwanted access.
10. Shop on Websites That are Safe and Familiar – People should make note of their preferred shopping sites so they can go there fast and safely. Avoid typing the website’s name in the URL box as much as possible. It will keep users safe from typos that could lead them to fake websites that appear exactly like the real website.
11. Trust Your Instincts – If people have any doubts about the website’s trustworthiness, proceed with caution. People should consider any uncertainty as a sign that they shouldn’t make any transactions on the websites. Remember, if the offers appear to be good to be true, they most often are.

People need to be particularly cautious when shopping, arranging vacation plans, sharing information, or connecting with friends and family online during the holiday season. With the cybersecurity tips mentioned above, people can better protect themselves and have peace of mind while celebrating cyber-secure holidays. Phishing and social engineering attacks are the most common methods threat actors use to harvest legitimate credentials. SpearTip offers phishing and social engineering training as mitigation to enhance skills related to defending against these threats. The training tests the discernment of companies’ teams, educates employees regarding common phishing tactics and indicators, and identifies related security gaps in your environment. Our team creates phishing emails and social engineering simulations like those threat actors use and sends them throughout the organization. We provide insight and feedback to improve the cyber defenses of companies’ teams, leading to a profound decrease in the likelihood of being victimized by phishing or social engineering scams. After the training, our team provides precise and thorough strategies about how to harden companies’ environments and implement ongoing awareness training.

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.