This year we will see a monumental forecasted UK spend of £4.9bn across Black Friday and Cyber Monday alone[1], as many seek out festive bargains. Yet the season of goodwill will not be embraced by all, with some 20 million Cyber-attacks predicted before the close of 2016[2]. Scammers out there are getting increasingly skilled at turning jingle bells into alarm bells and top of their wish list is gifting themselves your money. Black Friday falls on 25th November this year, with Cyber Monday following, and these mark the beginning of a period of discounts both in stores and online.

Over the past few years, Black Friday has become a huge sales opportunity for retailers as 9 in 10 UK shoppers now do their seasonal gift shopping online[3]. It is very easy to click on any given link when we are caught up in the sales hype and finding great online deals. However, in this Digital Age, it is an unfortunate but increasingly common trend that those who do not take simple steps to secure their online lives are more likely to find themselves the victim of online fraud or crime. With so much personal data being fired into Cyberspace, often including an individual’s name, address and bank account details, we have created the perfect opportunity for seasonal scammers to entrap us.

Here are a few cyber-attack trends that could reduce our merry spirits and the balance in our bank accounts, if we don’t take care and stay aware:

Phishing e-mails: One of the most common winter holiday scams comes in the form of phishing (more generalised email) attacks. As in previous years, the number of financial phishing attacks is expected to rise during the Christmas period[4], researcher Kaspersky Lab has predicted.

Ahead of Black Friday, Action Fraud[5] has sent out warnings to consumers to stay vigilant, as malicious emails purporting to be from online retail giant Amazon[6] are circulating. The malicious email claims there has been a problem with processing your order and that it therefore cannot be shipped until you click on a link to confirm your account. Fraudsters are likely to use pages of legitimate shops, internet banking and payment systems to defraud victims of their hard-earned cash.

Social media: Social media platforms pose a danger, particularly around the festive period, as people are more inclined to reach out to friends and family and may inadvertently leak sensitive data such as shopping trips, plans for a holiday and social events.

Regular posting on social media can allow scammers to build up a rich picture of an individual and may put the person at risk of a spear-phishing (targeted email) attack. Posting holiday dates online could even lead to a physical break-in of the individual’s home, since address information is in the public domain. The potential result could be financially and emotionally damaging.

In addition, popular social media platforms such as YouTube, Twitter and Facebook have recently come under criticism for having fake news appear on feeds. This can include ‘malvertisements’, which could put you at risk of downloading malware onto your computer or mobile device, when looking to purchase goods. Therefore, when buying off the Internet, it is always important to properly research any online retailer who is unfamiliar to you, and access them directly through their official website.

New Cyber threats: As Cyber threats evolve and become more sophisticated, we are seeing new types of phishing, which are generating a new vocabulary altogether: ‘smishing’ (text message phishing) and ‘vishing’ (voice message phishing). These could cause havoc because fewer questions will be asked over caller legitimacy, especially when you are busily making the most of the Black Friday weekend.

Earlier this year, one victim lost over £22,000 in a ‘smishing’ scam, after fraudsters claimed to be bank provider Santander[7]. The victim received a text message on an existing Santander message thread which had been ‘hijacked’, asking him to call a number regarding potentially fraudulent activity on his account. When the victim called the number, he spoke to fraudsters who asked him for a ‘one-time’ password and quickly siphoned £22,700, in multiple transactions, from his bank account.

It is unfortunate that during a time of celebration, the public’s trusting nature can be particularly exploited. The only way to address this is by ensuring you establish genuine authentication in order to avoid being a victim of scammers.

New shopping apps: 6 in 10 individuals are predicted to make purchases via a mobile device this Black Friday[8]. In the lead up to this, warnings have been sent out to shoppers about a surge in fake retail and shopping apps in the Apple App Store[9]. These fake apps are created under the titles of retail chains such as Foot Locker or Christian Dior. Although some are harmless spam apps, others are being created with the intention of stealing credit card details or personal information, and others may lock an individual’s phone until the user pays a ransom.

Hackers are also gaining access to people’s accounts on certain apps. Customers of Deliveroo have recently come under attack from thieves who have been ordering takeaways for themselves. Deliveroo claims the problem stems from customers who were using the same passwords for Deliveroo as they used for accounts with other companies who had suffered security breaches. The food delivery company encourages individuals to “use strong and unique passwords for every service”.[10]

Don’t trust unknown Wi-Fi networks!: In the race to get things like Christmas shopping completed, the Internet has provided a time extension by enabling the purchase of gifts, at any time, through wireless networks. Although the season of goodwill also brings a myriad of freebies, free Wi-Fi should not be embraced as one. Using it can very easily lead to identity theft, resulting in those weeks of holiday gift savings being accessed in minutes. Free Wi-Fi networks tend to be very insecure, which means it is not advisable to complete any bank account transactions while using such networks, nor to enter personal details like passwords or security answers. This is echoed by Troels Oerting, Head of Europol’s Cyber Crime Centre, who stated, “We have seen an increase in the misuse of Wi-Fi, in order to steal information, identity or passwords and money from the users who use public or insecure Wi-Fi connections”[11]. The best advice is to use a trusted, secure Wi-Fi network when completing online transactions.

Scareware: After all of the warnings sent out to us, the impression we get is that anti-virus software should be top of our gift list this year. Yet scammers are already a step ahead, deploying scareware at this time of heightened cyber-attacks. The fake anti-virus software is gift-wrapped as a tempting box informing you that you have a virus and telling you to click on the box in order to rid yourself of it. However, one click and the malware is downloaded and gifted to you from the scammers (scareware itself accounts for a quarter of all malware). Adware may also be triggered, decking your screen with pop-up advertisements that may cost you, e.g. pop-ups which encourage you to spend money updating the anti-virus software which was never real to begin with.

Be safe – have a Happy Holiday!: It is clear that over this holiday season, there are scams threatening to release malware onto your devices and also to steal your money by taking advantage of the trusting nature of the public. Stop and think for a moment – you wouldn’t trust a stranger in the street claiming to be from your bank, so why do so online or on the phone? Scammers exploit the trust of people who will give them personal details without asking for any secondary authentication of their identity. Scammers particularly revel in the gullibility surrounding potential scams over the festive period. For this reason, it is important to be one step ahead in our knowledge of these scams; by doing so we can all have a safe and happy holiday!



[2] Metro, 17/10/2016 p. 2



[5] Action Fraud: the UK’s national fraud and Cyber-crime reporting centre



[8] Metro, 17/10/2016 p. 2


[10] Metro, 23/11/2016 p. 20