Christmas scams
Have a merry Christmas – but keep your eyes open for scams (Photo: Getty Images)

BusinessDecember 19, 2022

Twelve days of Christmas scams: How to stay safe over the holidays

Guest writer
Christmas scams
Have a merry Christmas – but keep your eyes open for scams (Photo: Getty Images)

You might be heading to the beach but scammers aren’t going on holiday, warns an expert.

Mince pies, mistletoe and the Christmas Day dinner menu – everyone’s got something on their minds in the build-up to the holidays, but one tech expert says there’s something else you need to stress about: scams.

Unlike almost everyone else, cyber criminals are not taking a break over the next few weeks. “There’s a lot of naiveity around cyber risk and how much people are exposed to,” says Russell Craig, Microsoft’s national technology officer. “It’s a good time of year [for] cyber criminals.”

That’s because we’re all distracted. With work coming to an end and holidays on the way for many, we’re less likely to be aware when we’re being scammed. “People are busier than usual. Therefore they’re less inclined to be cautious,” says Craig. “You get that email and you don’t take the time to look at it and you click on a link …”

Text messages from scammers impersonating courier companies asking you to track your delivery, or emails that ask you to click links and input your details, are on the rise, says Craig. So are offers of app downloads. Caution is advised. “If it sounds too good to be true it likely is,” says Craig. “Even if you recognise the sender, unless you were expecting the link do not click it because criminals like to redirect you to sites which look legitimate but are not.”

Then there are the upcoming holiday sales offering discounted Boxing Day and New Year’s deals. Scammers use those to target people too. “For a lot of Kiwis times are economically tough,” says Craig. “Scammers know we’re all looking for those really good deals and they’ll use that knowledge to try to trick us out of our money and data. They adapt their strategies to the social context and the time of year.” Some come from unlikely sources, like this high school reunion scam doing the rounds on Facebook.

Those scammers and the techniques they use are more sophisticated than ever. Cybercrime has evolved into a major global business, says Craig. “You are being attacked by people that work for the equivalent of an IT company. They’re giving [staff] paid holidays and medical benefits. It’s not a bunch of script kiddies … having a hack around in the back bedroom anymore.”

They’re after one thing and one thing only: your digital details. Any information they get can be used to gain access to multiple accounts. “If they can get into one account, maybe they can get your credit card details,” says Craig. “Or they can compromise your password. It may be the case that you’re using the same password for everything that you signed up to online.”

Netsafe, the online non-profit promoting online safety, agrees with Craig. In its last quarterly report, it found an increase in text-based scams many pretending to be local businesses. Of the 565 reports of financial losses it received from those who fell for a scam was $23,546, with a total of more than $13 million lost over the three months.

Classic cyber criminal behaviour (Photo: Getty Images)

With so much scamming going on, how does anyone stay safe? Some simple preventative techniques can make a world of difference, says Craig. Use different passwords, switch them up and employ a password manager to keep track of them all. Make sure your operating systems are updated, and if your software’s ageing, consider an upgrade. Also, and this one’s a biggie, set up multi-factor authentication. “[We’ve] found that this stops 98% of password-based attacks in their tracks,” says Craig.

Most of all, keep your wits about you, and question everything coming at you. “Whenever you receive a text or email, read it carefully to ensure it is legitimate,” says Craig. “If your personal details are in a message, this doesn’t mean it is legitimate either, as a scammer could be using data they got from a cyber breach. If in doubt go to the website of the company, get their main contact details from there, and reach out directly.” If you’re worried, Craig says companies like Netsafe and Cert NZ are there to help.

He deals with this stuff every day, but even Craig’s not immune. He’s noticed an uptick in the amount of messages he’s been getting from scammers pretending to be Netflix. “They look like Netflix emails [but] it was like, ‘Hang on, I know Netflix wouldn’t be contacting me about this type of matter.'” Instead, he logged on to his official Netflix page to see if there really was something he needed to look at. Surprise, surprise, There wasn’t. “People just need to be … suspicious,” he says.

Keep going!