It’s no secret that the holiday season tends to stir up our emotions, whether it’s the joy of visiting family, the stress of searching for gifts, or the calm of getting a few days off work. Hackers see potential in all of this. Cybercriminals like to take advantage of their victims’ emotions by using various social engineering techniques during the holidays, and they often get themselves a nice holiday paycheck as a result.
What is social engineering?
Social engineering is a type of psychological manipulation that criminals use to extract sensitive data from people or get them to infect their devices with malware. These attacks usually target people’s sense of fear, curiosity, urgency, or even their desire to help others. If a hacker is skilled enough, they can trick people into giving away their passwords, social security numbers, bank account numbers, etc.
The most common types of social engineering
Social engineering may come in many forms, such as an email, phone call, text message, or pop-up, and it also relies on many different techniques. Here are the most common types of social engineering:
Phishing. This type of social engineering involves a fake message that looks like it’s coming from a legitimate organization. For example, you can get an email from your “bank”, asking you to enter your bank login details through a given link.
Spear phishing. This form of phishing requires some research on the hacker’s side and is tailored to a specific individual. That makes the chances of success much higher.
Smishing and vishing. Smishing is a form of phishing that occurs through text messages, while vishing exploits phone calls instead.
Baiting. This is when a hacker uses “bait” to lure victims into installing malware. Examples of baiting include a fake coupon download link, a fake gift card, or a “free iPhone.”
Pretexting. This form of social engineering involves a fabricated story to fool a person into giving away information. For example, a hacker might tell you about a “crisis” going on at work and claim to be one of your managers asking for your login information.
Hackers keep track of the public’s general emotions and often tie their scams to the prevalent mood. For example, when COVID-19 first hit, loads of scams related to the pandemic tried to manipulate people’s fears and anxiety. Now that the holidays are around the corner, hackers are exploiting people’s stress, joy, and generosity.
Examples of holiday-related social engineering schemes
Fake gift cards. Hackers might send out “holiday gift card” emails and make them look like they’re coming from a legitimate organization like Amazon. Once you click on the gift card activation link, you’ll be redirected to a malware-infected website, instantly compromising your device and all data stored on it.
Fake coupons. If you like hunting for discounts online, beware of coupon scams. Since the holidays often bring great deals and coupon codes, scammers try to place themselves in this pool of legit coupons. They do it by “malvertising” their scams on social media or other online platforms. These scams often invite you to click on a link to download the coupon code, which usually means infecting your device with malware.
Fake delivery emails. So many people order packages during the holidays through UPS, FedEx, Amazon, or other delivery companies. Hackers often send out mass delivery emails, hoping that some recipients will bite. These emails might contain information about a “lost” package or ask a person to confirm their payment information.
Fake charities. The holidays often bring out the best in people, making them more willing to donate to charities. This drives up the number of charity scams designed by hackers. Once someone donates to a fake charity, their money goes straight to the hacker, and their bank information details may also get stolen.
How to avoid social engineering?
Hackers may be clever and do lots of research before launching their social engineering schemes, but all scams have their weaknesses. Here are some steps that will allow you to outmaneuver any social engineering scheme coming your way this holiday season:
Set up antivirus software. If you click on a malware-infected link, antivirus software should keep the malware from infecting your device. You should also do malware scans every once in a while to make sure you don’t have any malware silently lurking on your device.
Use a password manager. If you infect your device with password-stealing malware, a password manager will put up a strong level of encryption between your passwords and the hacker.
Check the sender’s email address. Got an email from Amazon? You might want to check if it’s actually Amazon. Hackers often use email addresses that differ slightly from the organization’s official email address, like “[email protected]”. The “1” indicates that the email address isn’t legit and that you shouldn’t click on anything sent from it.
Check the link before clicking. If you receive an email with a gift certificate or other unusual offer, hover over the link before clicking and check to see if it’s secure. If the link starts with “https”, that means the website’s traffic is encrypted. However, if it begins with “http” and doesn’t have the “s” at the end, then the website’s traffic isn’t encrypted, and it might be a scam. Encryption alone doesn’t prove that a site is legitimate, so also check that the domain in the link is the one you expect.
Do your research before donating anywhere. It’s heartbreaking to imagine that charitable donations could go anywhere other than the intended recipients. If you want to do good and donate, make sure your money goes to an actual charity, not scammers. Do thorough research on the organization you’re considering donating to and make sure it’s legit.
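The sender and link checks from the tips above can be run over a saved message. The Python below is an added example, not code from the original article; the TRUSTED list, the 0.8 similarity threshold and the constructed sample message (with placeholder .example hosts) are assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"amazon.com", "fedex.com"}  # assumption: senders you really deal with
SAMPLE = """From: Amazon Rewards <gifts@amazon1.example>
Subject: Your holiday gift card
Content-Type: text/html

<p>Activate it <a href="http://amazon-gifts.example/claim">here</a> or
visit <a href="https://www.amazon.com/">amazon.com</a>.</p>
"""  # constructed message; the .example hosts are placeholders

def imitates(domain):
    """Return the trusted domain that `domain` resembles without being it."""
    domain = (domain or "").lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return None  # the real domain or one of its subdomains
    tokens = "".join(c for c in domain if not c.isdigit()).replace("-", ".").split(".")
    for t in sorted(TRUSTED):
        if SequenceMatcher(None, domain, t).ratio() >= 0.8 or t.split(".")[0] in tokens:
            return t  # near-identical spelling, or brand name used as a label
    return None

class Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def review(raw_email):
    """List reasons to look closer at a message before clicking anything."""
    msg, parser, found = message_from_string(raw_email), Links(), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if imitates(sender):
        found.append(f"sender {sender} resembles {imitates(sender)}")
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode(errors="replace"))
    for host, href in ((urlsplit(h).hostname, h) for h in parser.hrefs):
        if href.lower().startswith("http://"):
            found.append(f"unencrypted link {href}")
        if imitates(host):
            found.append(f"link host {host} resembles {imitates(host)}")
    return found
```

The similarity match is a heuristic: it can flag harmless domains that happen to resemble a trusted one, so treat each finding as a reason to verify rather than as a verdict.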
Stand your ground
Technology already messes with our heads way too much and has taken a toll on many people’s mental health. (Check out the NordPass mental health page to find out the many ways in which technology affects your mental health and how to reduce the negative effects.)
Falling for a holiday-themed phishing email certainly wouldn’t be the best thing for your mental health. Nobody expects it to happen to them, but it’s important to never forget about this threat. Please keep in mind that hackers are especially active this holiday season, and use the tips laid down in this article to protect yourself from their scams. Don’t let hackers take the holiday cheer away from you!