What do natural disasters and holidays have in common? That is when criminals love to scam people using social engineering tactics. Why? Because people are vulnerable at those times. We don’t know when the next natural disaster will strike, but we do know when the holidays will be upon us. The winter holiday season is a time of togetherness, festivity, anxiety, travel confusion, and stressful last-minute shopping. Those human conditions create a time when we are vulnerable to social engineering – even though we would normally be aware. Cybercriminals are ready to exploit those vulnerabilities that emerge during this time of year. Social engineering, a manipulative technique that preys on human psychology, becomes particularly common and effective during the holidays. When emotions run high, our guard can be let down. Let’s explore how social engineering plays a role in winter holiday cybersecurity scams.

Help me get home! Beware of Impersonation Scams.

One of the most insidious tactics cybercriminals employ during the winter holidays is impersonating family members. Imagine getting a phone call from a supposed relative, stranded somewhere, and in need of money to get home. Scammers play on emotions, fabricating scenarios that tug at the heartstrings, such as a family member stranded in a foreign country, facing a medical emergency, or experiencing financial distress. Who wouldn’t want to help a family member in need?

During the holidays, people are more likely to be emotionally vulnerable, making them susceptible to such manipulative tactics. Cybercriminals gather information from social media and other online sources to personalize their messages, making them more convincing. Be skeptical of unexpected or urgent requests from family members, especially if they ask for sensitive information or money. Always verify the person’s identity through a trusted source, for example by asking the rest of the family whether they’ve heard anything about the situation. The scammer will more than likely stress the need for secrecy with a line like “Don’t tell mom, she’ll be really upset.”

Black Flag Friday! Social Engineering in Online Sale Scams.

The winter holiday season is synonymous with gift-giving, and the quest for the perfect present often leads to online shopping sprees. Cybercriminals seize this opportunity to deploy social engineering tactics through fake online sales—picture this: a hard-to-find item at a great price listed for sale on social media.

During the holidays, the desire to find the best deals may override the usual cautiousness individuals exercise when shopping online. Scammers can even create fraudulent e-commerce websites that mimic the appearance of well-known retailers, complete with eye-catching banners and too-good-to-be-true discounts. These sites may even use social engineering techniques, such as fake customer reviews and countdown timers, to create a sense of urgency.

Scammers have manipulated online search results so that a fake website appears above a real shopping site. Even the best of us can click on the fake listing if we aren’t extra careful.

To safeguard against online sale scams, scrutinize the legitimacy of the website before making a purchase. Remember, if a deal seems too good to be true, it probably is. Stay alert, shop wisely, and protect yourself from falling victim to holiday shopping scams.

Planes, Trains, and Trickery: Social Engineering and Exploiting Holiday Wanderlust.

Holiday travel opens a new avenue for cybercriminals to employ social engineering tactics. Scammers may send fake travel alerts, impersonate airlines, or create fraudulent booking confirmations. With the excitement of travel plans, individuals are more likely to overlook potential red flags, making them vulnerable to falling for these scams.

Before clicking on any travel-related links or providing personal information, double-check the authenticity of the communication. Verify details directly with the airline or travel agency through their official website or contact information. If you are using a short-term rental service like VRBO or Airbnb, keep the transaction on the website. Don’t accept an offer to save money by “taking the transaction offline.”

A Special Offer! Social Engineering in Phishing Attacks.

Phishing attacks, a prevalent form of social engineering, get a boost during winter holidays. The high volume of email ads and special offers makes it easier for criminals to sneak in their phishing messages. These messages may contain urgent requests for personal information or prompt recipients to click on malicious links.

During the holidays, people are more likely to be shopping online and looking for bargains, making them susceptible to phishing attempts. Be careful when receiving emails with special holiday offers. A phishing email may look like just what you want, but the link it contains may lead to a malicious website.

Give me that Gift Card! The Untraceable Payment.

Has any legitimate business ever asked you to pay by sending the numbers from an iTunes or Amazon gift card? Very unlikely. Scammers use this trick to take your money in a sneaky way. By asking you to send them the numbers from a gift card, or even multiple gift cards, they get the value of the card and you’re left holding the bag.

The scammers will build up a sense of urgency. They need that gift card number now or you’ll be in big trouble, or you’ll miss out on this great deal. Only use gift cards for their intended purpose – gifting – and never give gift card numbers and PINs to anyone online or over the phone.

AI or human? Identifying Fake Text Messages.

Artificial Intelligence helps all types of social engineering become more potent by crafting very convincing and customized messages. AI can create realistic pictures and even mimic individuals. Discerning between real interaction and AI is becoming more and more difficult.

Defending against AI-assisted criminals requires a multi-layered approach that starts with user education and collaboration with security experts.

This holiday season, give the best gift of all – the gift of security awareness, so that the only surprises we get bring joy. Stay aware, inform others, and have a happy and safe holiday season!

By: Peter Thornton – Senior Security Consultant – CISSP | HCISPP | ISSMP | PMP | CISA | QSA


Peter Thornton is a Senior Security Consultant for the Risk Advisory Services practice at AccessIT Group (AITG). He helps clients identify needs and business drivers by analyzing security data and then translating security requirements into actionable steps, so that clients can make informed decisions. Peter holds many certifications in security and project management, including Certified Information Systems Security Professional (CISSP) and Project Management Professional (PMP).
