’Tis the season to be vigilant

Freddy Knight, Cyber Practice Specialist, shares some advice on the common email and text message scams during the festive season.

Online sales reach their highest numbers during the festive period, and as businesses begin preparing for Christmas, cyber criminals around the world are working hard on deploying their annual phishing campaigns. Evidence suggests that criminals really step up their efforts at this time of year, so the need for businesses and consumers to be vigilant increases tremendously. Threat actor activity is becoming increasingly seasonal.

Employees are concentrating on finalising pieces of work before their break, so now is the perfect time for criminals to send hoax invoices. With skeleton staff deployed in offices around the world, you may be expected to help colleagues and make payments on their behalf, but you should still apply the same two-factor authentication tactics that you have used all year.

Most of us will be expecting deliveries from Amazon, eBay, Apple and other online retailers, and the criminals, being the kind-hearted individuals that they are, have no issue taking full advantage of this.

As a result, you can expect to see variations of the following email and text message scams.


Problems with your order

You receive an email notifying you of problems with your order. In order to resolve the issues and process your delivery, you will need to re-enter some account details via the link provided in the email. The email will be generic and will not contain details of the items in question. The purpose of this email is to obtain username and password details which can be used by the scammers.


Your order invoice/receipt

You receive an email from your retailer with what appears to be an official invoice or receipt attached for a product that you know nothing about. In the email body, the scammers will provide a ‘cancellation link’ for the order, which is noted to have cost several hundred pounds. This scam is twofold – the attached invoice/receipt could contain malware, whilst the cancellation link will take you to a website that also requires you to enter your account information.


Your account is locked

You receive an email advising that your account has been locked and, as such, no existing orders can be processed. The email will say that they have noticed login attempts from various locations around the world (giving precise locations and times) and that in order to unlock your account, and ensure your items are delivered, you will need to follow a link and provide the required information. There may be a time limit to do so to ensure your goods arrive in time before Christmas, normally up to 72 hours.

As well as taking advantage of the spike in online sales, scammers are aware of the January 31st deadline for submitting your online self-assessment and business tax returns with HMRC. You may receive an email suggesting that you are due a rebate in the hundreds of pounds. The email will state that receiving your rebate is simple – just follow the link below and provide the information requested, normally name, address, DOB and bank account information.

The above are genuine examples seen or received already this year so please give that little bit extra thought to who you’re dealing with online this Christmas.


What can you do to protect yourself?

  • Always follow up an email with a telephone call before making business payments
  • Be careful what information you share online and who with
  • Do not click on any links in unsolicited emails that contain attachments such as .zip or .exe files
  • Remember – Businesses and HMRC will never use an email to ask for personal information

