December is traditionally associated with holiday season shopping, a time where various fraudsters are particularly active. Taking into account our modern lifestyles and changes due to the COVID-19 pandemic, including remote work and the necessity to perform more and more of our everyday activities and purchases online, the attackers prey on our diminished attention and holiday euphoria in order to commit frauds on the Internet.
Holiday sales most commonly feature top offers resulting in a multitude of shopping orders. This situation is likely to be abused by the attackers for varius malicious activities, whereby they supposedly offer products and services at extremely low prices, through vouchers and gifts, or by organizing prize contests that sound too good to be true, sounding the alarm that in similar situations one has to be very cautious when disclosing one’s personal data.
The attackers may target the most visited web pages featuring holiday sale specials and create fake ones, which mimic the legitimate websites. The most frequent fraud models include contacting the user via an SMS message, e-mail or instant app such as WhatsApp or Viber. These messages most usually contain a malicious link, which redirects the user who clicks on it to a fake website, where they are asked to leave their personal data, credit card number included. More about this type of fraud can be found here.
The National CERT advises all Internet users to be extremely vigilant when asked to provide their personal and credit card information, and to check the legitimacy of the Internet page they are visiting (by inspecting the browser address line at the top of the page), paying additional attention and taking extra time when using e-commerce platforms to read their payment requirements policy. Credit card data are only to be filled out when the user wants to pay for a product or service, whereas for an inpayment this information is not needed – the account number to which the amount needs to be paid is enough.