How can you avoid finding malware under your Christmas tree? At TITANS, we explain why the holiday season is a paradise for cybercriminals and highlight the scam tactics to watch out for.
In many posts, people ask what products others recommend. However, they aren’t looking for a new coffee maker—they’re seeking a MaaS-type infostealer, a kind of malware designed to steal sensitive information.
Today, cybercriminals who sell infostealers no longer rely on cryptic messages in hacker forums; instead, they openly promote their products on mainstream platforms.
For example, SnakeStealer is sold on Telegram, where users discuss optimal configurations, recommend cryptors, and share their successes.
Unfortunately, the holidays bring not only joy but also stress, financial strain, endless to-do lists, and the sense that there’s never enough time. Amid a flood of notifications, discount codes, and flash sale ads, we’re exposed to more risky links and downloads than usual. Even the most cautious among us can click a malicious link and become the next victim of cybercriminals—all it takes is a single moment of inattention.

This year, hackers are using AI to create more subtle and convincing scams with greater ease.
More than half of people have encountered ad-related malware, and over a quarter have fallen victim to it. This software, known as adware, floods your screen with unwanted ads or tracks your clicks to profit from your data.
Other scams include malvertising, where criminals embed malicious code into online ads that appear completely legitimate. In some cases, simply loading the page is enough to trigger an attack. Forty percent of people have been targeted by malvertising, and 11% have fallen victim to it.
Half of people encounter scams on social media every week, and one in four encounters them at least once a day.
Homoglyphs use similar-looking characters to mimic legitimate URLs or email addresses. Typosquatting involves registering domain names that closely resemble popular websites, often with minor spelling errors. Both methods are commonly used in phishing and shopping scams. For example, “℮s℮t.com” uses two “℮” symbols instead of the letter “e,” making it appear like “eset.com” at first glance.
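
A defender-side check for the two look-alike techniques described above, as an added example that is not part of the original article: it folds known look-alike characters to ASCII (decoding `xn--` labels first) and then compares the result against a watch-list by edit distance. The `CONFUSABLES` map and `PROTECTED` list are small constructed assumptions; the only brand domain used is the article's own `eset.com` example.

```python
import unicodedata

# Constructed, minimal look-alike map (assumption: production code would load
# Unicode's full confusables data instead of this handful of entries).
CONFUSABLES = {
    "\u212e": "e",  # ℮ ESTIMATED SYMBOL, the character in the article's example
    "\u0435": "e", "\u0430": "a", "\u043e": "o", "\u0455": "s",  # Cyrillic
}
PROTECTED = ["eset.com"]  # hypothetical watch-list of genuine domains

def to_unicode(domain):
    """Decode xn-- (punycode) labels so encoded look-alikes are inspected too."""
    labels = []
    for label in domain.strip().lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def skeleton(domain):
    """Normalise, then fold known look-alike characters to plain ASCII."""
    text = unicodedata.normalize("NFKC", to_unicode(domain)).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return (verdict, matched_brand) for one domain taken from a link."""
    plain = to_unicode(domain)
    if plain in PROTECTED:
        return ("legitimate", plain)
    folded = skeleton(domain)
    for brand in PROTECTED:
        if folded == brand:  # identical once look-alikes are folded
            return ("homoglyph", brand)
        if edit_distance(folded, brand) <= 1:  # one typo away from the brand
            return ("typosquat", brand)
    return ("unrelated", None)
```
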
Vishing, which uses phone calls and voice messages, and quishing, which relies on QR codes, have also become significant threats. These scams are often generated and sent on the same day, reducing the likelihood of being flagged by security blocklists that rely on previous reports. Furthermore, QR codes specifically target mobile users, who may have less protection from internet security tools.

One in two people receives a fraudulent text message once a week, while 27% are targeted by scams every day. So-called “smishing” is an increasingly popular tactic among cybercriminals, with up to 75% of organisations falling victim to it in 2023. Several factors contribute to its effectiveness:
1. Victims are more likely to click on links in text messages than on other links.
2. It is harder to spot dangerous links on mobile phones.
3. People are accustomed to banks and brands contacting them via SMS.
4. They often receive shortened URLs in text messages.
In smishing scams, attackers may pose as bank representatives, police officers, customer support agents for trusted brands, package delivery drivers, or even a boss or colleague urgently requesting help. Sometimes, they pretend to have sent a message to the wrong number to gain the victim’s trust through conversation. In other cases, attackers already know the victim’s username and password but still need a verification code to access the account. They may pose as a friend who has been locked out of their own account and ask the victim to send the code. Another common tactic is to offer free apps that are actually malware or ransomware.

The vast majority of adults worldwide take at least one step to verify the legitimacy of an offer, yet many still fall victim to scams. Part of the problem is that people often rely on less effective verification methods.
At TITANS, we therefore recommend the following guidelines:
1. Always, not just this Christmas, check the brand’s reviews on other websites, with friends, or with family.
2. Check whether payment can be made by credit card or another refundable payment method.
3. Trust your intuition, which will tell you if an offer is too good to be true.
4. Many scams imitate well-known brands, so it’s best to shop on their official websites or other trusted sites.
5. Remember where you ordered your package and which delivery service you chose so you don’t fall for fraudulent messages.
6. Check your account activity regularly to spot any suspicious activity early.
7. Use unique passwords or passkeys, and enable two-factor authentication.
8. Watch out for scams targeting accommodation bookings.
9. Install the latest updates on your devices and apps.
10. Remember that many scams create a sense of urgency and pressure you to respond immediately.

During the holiday season, we are exposed to more advertisements, among which cybercriminals cleverly hide fraudulent schemes. This year, thanks to AI, their traps are much more sophisticated and widespread. It’s important to regularly check your account status, install device updates, and shop only on verified websites. Trust your intuition—be aware of the psychological pressure scammers use and avoid suspicious messages or QR codes.
If you’re interested in similar trends in the IT sector, subscribe to our newsletter, Keeping Up with TITANS.
