How to keep cyber-safe at Christmas

Caroline Scotter Mainprize | December 7, 2017

Cyber-criminals know how to exploit Christmas-shopping anxiety. Don’t let them target you.The countdown to Christmas has started, and you’re feeling stressed. One half of your mind is still worrying about what to get your Great Aunt Eunice. The other half is fretting about whether the presents you have already ordered will arrive. And you still have to organise the food, attend the children’s carol concert, and somehow manage to keep doing your day job too!

From a cyber-criminal’s viewpoint, this makes you easy pickings for a bit of light phishing. They could send you an email or text marked, URGENT: your recent order has been delayed or URGENT: your account has been suspended. In your anxious state, there is every chance that you will click on it – even if you would normally be much more careful.

And then they might be able to infect your system with ransomware or hack into your machine and steal bank details, personal data records or any number of things.

An additional problem is that hackers have got progressively better at spoofing both websites and domain names. It used to be that they would give themselves away with spelling errors or mistakes in what websites or emails from Amazon or Paypal look like, and would use a variation of the official website address that was obviously fake –amzon.com, for example.

However, a new trend amongst cybercriminals is to use different alphabets to create domain names with barely perceptible differences from official website addresses. For example, it’s virtually impossible to spot the little dot over the first ‘a’ in ȧmazon.com: you could mistake it for a speck on your screen.

At this time of year, don’t try to be too clever. Just obey two simple rules:

1. Don’t click on a link in an email or text

2. Don’t click on links in websites you don’t trust

If you receive an email with a message that looks worrying, by all means follow up. But go directly via a browser to the organisation’s website (Paypal or DHL or whatever). Type the address in yourself – no copying and pasting. You can then check your account details using your own login details.