• Start
  • Blog
  • 5 Christmas gifts your users should look out for
The threats and scams are not unique but the attacks are more numerous and increasingly sophisticated. Nimblr lists five of the most common types of "Christmas camouflaged" threats.
November 30, 2022

5 Christmas gifts your users should look out for

5 Christmas gifts your users should look out for

Cybercriminals emerge every Christmas

Every Christmas, cybercriminals use digital Christmas cards and greetings to infect and deceive users. The threats and scams are not unique but the attacks are more numerous and increasingly sophisticated. Nimblr lists five of the most common types of "Christmas camouflaged" threats.

During the holiday season, digital Christmas cards and greetings are sent in droves. At the same time, Christmas is one of the times when we do most of our shopping online, search for suitable gifts and communicate with distant friends with whom we are not normally in touch.

Digital Christmas cards are becoming increasingly sophisticated and often contain software code, animations or forms. This is exploited every year by cybercriminals to trick us with login details, credit card numbers or to infect our systems with malicious code. In this article, Nimblr lists five of the most common digital threats this holiday season:

False delivery notifications of shipments

‍The holiday season typically sees an increase in fake delivery notices, where cybercriminals try to make you believe that a delivery has been delayed or failed. They may appear to come from several different carriers, such as FedEx, DHL, or Postnord, and often contain a link or attachment that can infect your system. Avoid opening attachments or clicking on links in these types of messages. If you are unsure about the authenticity of a delivery message, you can try tracking the shipment ID listed in the message on the shipper's own website.

Gift cards from banks and shops

‍ Cyber criminals use fake messages from well-known companies to trick you into believing that you are eligible for a Christmas bonus through special Christmas offers. To take advantage of the Christmas offer, you are directed to a website resembling a well-known bank or online shop, where you are asked to enter personal information such as your name, credit card details, bank account, etc. This information is used by the fraudsters to hijack your accounts or sold to other criminals.

Fake shopping sites

‍Through legitimate banners, or via spam emails, you are lured to buy from fake websites. The websites often use well-known logos and well-known products offered at low prices. You are tempted to order goods and pay by credit card, but the goods are never sent. Be careful to check that the link to the online shops you visit is correct and that HTTPS sites have the correct certificates.

Digital Christmas cards with malware

‍ Fake Christmas greetings via email are common, prompting you to click on a link to receive the greeting. The links in these attacks often lead to websites that infect your systems. As a minimum, legitimate Christmas messages should contain the name and email address of the sender, but even these may have been stolen for use in the attack. Never click on links in emails that do not include the sender's real name and email address, and never download anything from the page you are directed to.

Fake charity campaigns

‍Many charities run campaigns during the Christmas period and people are often extra generous during the holidays. This is exploited by fraudsters who use the logos of well-known charities in fake mailings asking you to provide personal data and donate money. The personal data may be used for identity theft and the money donated will not go to charity at all. If you want to give money to charity this Christmas, use the websites of the charities themselves.

Training directly on your mobile phone

Nimblr's Micro Training can be carried out directly in the mobile phone or in the computer's browser. No login details are required by the user, instead each user is identified by the unique link in the email invitation. The system also sends reminders to those users who have not completed courses within a given time frame and continuously reports the completion rate to the administrator.