Seasonal Awareness
The NCSC would like to remind everyone that the Christmas period is a particularly prevalent time for malicious spam messages. In addition to the regular email phishing, phones are also targeted through SMS (text message) phishing (smishing) and malicious links embedded in popular messaging apps. Another popular attack method with cyber criminals is fake refund or shipment tracking sites that attempt to harvest credentials (username/passwords/credit card details) from unsuspecting members of the public. The success of these tactics is based on the increased likelihood of people using an online platform to purchase goods over the period, coupled with the increased urgency people feel to track their purchased goods so that they arrive in time for Christmas. This can lead to some being less vigilant about clicking links and visiting sites than they might otherwise be throughout the rest of the year. The NCSC would like to highlight the following points:
- Christmas messages from an untrusted source that ask you to click a link, play a video/audio file, etc. should not be viewed. Even if the source is trusted, extreme caution should be exercised as the source itself may have been compromised.
- Do not enter your account credentials (username/passwords/credit card details) if you receive an unsolicited email purporting to be from an online shipment company without verification first. In the event that you wish to query the status of a particular item, you should take note of reference numbers etc. provided at the time of original purchase and ensure these match any subsequent correspondence.
- Be particularly vigilant around New Year's and Christmas Eve, when the volume of messages, both legitimate and malicious, increases greatly with people sending seasonal greetings.
- Be vigilant when purchasing goods online. When making purchases, make sure the address of each site you visit starts with "HTTPS" (the S stands for Secure), which indicates that malicious third parties cannot intercept any of the details being sent between you and the website you are currently visiting.
- Many of the most popular online services and apps for your home computer, mobile phone or tablet can be configured to use Two Factor Authentication (2FA). 2FA adds an extra layer of security to your online accounts and greatly inhibits malicious third parties from gaining access to them. Online services that use 2FA include social media platforms such as Facebook, Instagram and Twitter, email platforms including Gmail, Outlook and Yahoo, and backup services like iCloud, Dropbox, Google Drive and OneDrive. Many other platforms and apps support 2FA. If one of the apps or online services you use frequently is not listed, please check its website to learn whether you can enable 2FA when accessing your account.
Secure your mobile devices:
- Only install apps from the official App Store or Play Store.
- Make sure to update the device software and applications to the latest version.
- Consider installing reputable anti-virus software on the device.
- Select the most secure settings on your device.
- Turn off Bluetooth when you are not using it.
- Do not reuse the same password across different accounts, and create strong, complex passwords. The NCSC would encourage the use of a password manager in order to manage multiple online accounts.