Unwrapping the Dark Side of Christmas: A Survival Guide for Digital Shoppers

'Tis the season to be jolly but also wary because corruption, fraud, and cybercrime tend to rise during the holiday season. Cybercriminals are crafting their naughty list as we rush to buy gifts and spread goodwill. And, as we deck the virtual halls with digital shopping carts, criminals are preparing to take advantage of a period when we are often distracted and less vigilant.

Let's dive into the world of online Christmas scams and arm ourselves with the knowledge to help keep our holidays merry and bright.

Why Crime Increases During the Holidays

Many festive factors contribute to increased criminal activity during the holiday season. Some of the more obvious factors include:

1. Increased Spending: As more people shop online and make donations, fraudsters have more opportunities to take advantage of unsuspecting individuals[i].

2. Distraction and Urgency: The hustle and bustle of the holidays can make us less vigilant. We may overlook warning signs or fall for scams that we might otherwise typically recognise[ii].

3. Workforce Dynamics: Many businesses hire seasonal employees to handle the holiday rush. Without thorough background checks, this can increase the risk of insider threats. Additionally, many employees will take leave, meaning controls may not be monitored as effectively as at other times of the year[iii].

4. Pressure to Perform: Companies often feel the pressure to meet year-end targets, which can lead to unethical practices or corruption.

5. Gift-giving: The season of goodwill and the tradition of gift-giving are often used to cover the payment and acceptance of bribes, particularly to public officials, where gift-giving and receiving are usually subject to strict controls.

The Ghost of Christmas Scams Past, Present, and Future

The Phishing Elf's Workshop

Just as Santa's elves work tirelessly, so do scammers in their digital workshops. Phishing and smishing attacks have evolved, with scammers now using advanced technology to craft convincing emails and text messages. These digital elves aren't making toys; they're manufacturing trouble.

Pro Tip: Be as sceptical as Scrooge about unsolicited emails and messages. Check the sender and avoid clicking on suspicious links.

The Grinch's Fake Storefronts

The Grinch isn't just stealing Christmas; he's setting up shop online. Fake e-commerce sites and social media ads are designed to trick you into buying non-existent products or revealing sensitive information[iv].

Pro Tip: Shop on reputable websites and look for the padlock symbol and 'https://' in the URL.

The Luxury Stocking Fillers

Gift-giving is an integral part of the holiday season. Still, it’s also a period where those seeking to make or solicit corrupt payments have already written their letter to Santa and will exploit the festive spirit to mask unethical actions under the guise of holiday generosity.

Pro Tip: Please always ensure that any gift giving or receiving as per your company's anti-bribery and corruption policy, and consult with your compliance function if in doubt. Be especially careful regarding public officials, or you may hang your stocking up in a prison cell.

Rudolph's Red-Flag Deals

Those too-good-to-be-true holiday discounts might glow as bright as Rudolph's nose, but beware! Flash sales and 'exclusive' limited time offers are often bait for payment scams and identity theft schemes.

Pro Tip

Don’t get wrapped up in deals that are too good to be true.

Mistletoe Marketplace Mishaps

Don't let romance scammers catch you under their digital mistletoe. Holiday loneliness could make victims vulnerable to fake dating profiles and relationship scams that promise festive love but deliver heartbreak and empty bank accounts[v].

Pro Tip

Learn the red flags and be wary of any requests related to sending money or any form of bank account interaction. Be especially aware of reluctance to communicate over a video call.

Sleighing the Scams: Your Holiday Protection Toolkit

The Santa Claus Authentication Method

Just as Santa checks his list twice, you should, too. Enable two-factor authentication (2FA) on your accounts. It's like having a magical elf guard your digital chimney.

The Reindeer Password Protocol

Create passwords stronger than Rudolph's nose, which is bright. Use a unique, complex password for each account. Think of it as giving each of your accounts a unique Christmas cookie.

The North Pole Update Initiative

Keep your devices as up-to-date as Mrs Claus's recipe book. Regular updates protect against the latest threats.

OSINT and SOCMINT: Your Digital Detectives

The Elf Intelligence Network (OSINT)

OSINT is like having a team of elves scouring the internet for clues. It involves gathering information from publicly available sources to help detect and prevent fraud.

OSINT techniques can be used to help:

• Screen potential sellers against adverse media databases and watchlists[vi].

• Check for criminal convictions in jurisdictions where that information is public[vii].

• Monitor online forums and the dark web for emerging fraud trends[viii].

The Social Media Sleigh Ride (SOCMINT)

SOCMINT is your digital sleigh ride through the social landscape. It focuses on gathering intelligence from social media platforms. During the holiday season, be like one of the three wise men and:

• Review your social media privacy settings to limit sharing of personal information.

• Be wary of fake giveaways and promotions on social platforms.

• Use SOCINT tools to verify the authenticity of online sellers and products.

Conclusion: Keeping the Season Bright

By staying vigilant and following these tips, you can help ensure your holiday season remains filled with joy, not regret.

Remember, the best gift you can give yourself this Christmas is the gift of cybersecurity awareness.

Now go forth and shop with the confidence of Santa on Christmas Eve

Authored by: The Coalition of Cyber Investigators

Paul Wright (United Kingdom) & Neal Ysart (Philippines)

©2024 The Coalition of Cyber Investigators. All rights reserved.

The Coalition of Cyber Investigators is a collaboration between

Paul Wright (United Kingdom) - Experienced Cybercrime, Intelligence (OSINT & HUMINT) and Digital Forensics Investigator; and

Neal Ysart (Philippines) - Elite Investigator & Strategic Risk Advisor, Ex-Big 4 Forensic Leader.

With over 80 years of combined hands-on experience, Paul and Neal remain actively engaged in their field.

They established the Coalition to provide a platform to collaborate and share their experience and analysis of topical issues in the converging domains of investigations, digital forensics and OSINT. Recognizing that this convergence has created grey areas around critical topics, including the admissibility of evidence, process integrity, ethics, contextual analysis and validation, the coalition is Paul and Neal’s way of contributing to a discussion that is essential if the unresolved issues around OSINT derived evidence are to be addressed effectively. Please feel free to share this article and contribute your views.

[i]Muncaster, P. (2024, December 20). UK shoppers lost £11.5m last Christmas, NCSC warns. Infosecurity Magazine. https://www.infosecurity-magazine.com/news/ncsc-warns-uk-shoppers-lost-115m/ (Accessed December 20, 2024)

[ii]Trend Micro. (2024, December 17). 3 Christmas Scams to watch out for in 2024. Trend Micro News. https://news.trendmicro.com/2024/12/17/christmas-scams-2024/ (Accessed December 20, 2024)

[iii]Dixon, D. (2024, October 31). Cyber crime and the festive season: A dangerous spike in cyber threats. CyberLab® Detect. Protect. Support. https://cyberlab.co.uk/2024/10/30/festive-season-cyber-crime/ (Accessed December 20, 2024)

[iv]Trading Standards Service warns consumers to be alert to the twelve scams of Christmas. (2024, December 19). Department for the Economy. https://www.economy-ni.gov.uk/news/trading-standards-service-warns-consumers-be-alert-twelve-scams-christmas (Accessed December 20, 2024)

[v]8 scams to be aware of this Christmas - Trading Standards Service. (2024, December 2). Heart of the South West Trading Standards Service. https://www.devonsomersettradingstandards.gov.uk/8-scams-to-be-aware-of-this-christmas/ (Accessed December 20, 2024)

[vi]Do cyber attacks increase in the Holidays? (n.d.). https://www.twenty-four.it/insights/holiday-cyber-attack-increase/ (Accessed December 20, 2024)

[vii]The 12 scams of Christmas - Swansea. (n.d.). Swansea. https://www.swansea.gov.uk/article/8259/The-12-scams-of-Christmas (Accessed December 20, 2024)

[viii]Sayegh, E. (2024, December 4). It may be Christmas time, but it’s still a dangerous world out there. Forbes. https://www.forbes.com/sites/emilsayegh/2024/12/04/it-may-be-christmas-time-but-its-still-a-dangerous-world-out-there/ (Accessed December 20, 2024)