Putting a bow on holiday cybersecurity items

The holidays are always a time of increased cyber-attacks for individuals and businesses alike. Why? Because cybercriminals attack when they know an individual’s guard is down and attention is focused on other things – travel, shopping, worship services for Christians and Jews, and parties. Merely reading the previous words may spike some individual’s stress levels.

So, let’s add one more item to the list – being mindful of increased cybersecurity scams. Below are three items to be aware of throughout the holiday Season:

1. Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) is an online submission portal (www.ic3.gov) for reporting cyber incidents. On November 24^th, the FBI announced that “[b]etween December 2023 and February 2025, the FBI received more than 100 reports of IC3 impersonation scams. But the IC3 doesn’t work with non-law-enforcement entities to recover lost money or investigate cases. Likewise, the center will never directly contact you for information or money.” By way of analogy, think of the Internal Revenue Service (IRS) – either a hard copy is sent via mail or if an online ID is set up, then information can be accessed directly. The IRS does not call and remind you to pay taxes.
2. Shop with known vendors. Even though well-known entities such as Home Depot, Target and Neiman Marcus have experienced data breaches, there are likely remedies available through class actions and other legal venues. On November 19^th, the National Cybersecurity Alliance underscored the importance of “shopping smart” and “sticking with trusted retailers.” Additional tips include: (1) comparison shop so you know the average cost of an item; (2) double check the website address for website clones that might have a name like (amazon_deals.co), which is not legitimate; (3) share only information that is necessary; (4) use credit cards instead of debits charge because there is stronger fraud protection associated with credit cards; and (5) watch out for odd payment requests such as Zelle, cryptocurrency or other forms of usual payment (e.g., Mastercard, Visa, Discover and American Express).
3. Beware of and common scams, preventative measures and Cyber-Grinch attacks. According to the Federal Trade Commission (FTC) and McAfee, there are preventative measures that can thwart common scams and cyber-Grinch attacks. By utilizing various forms of phishing with links for unsuspecting or distracted consumers to click on, cyber-grinches (aka holiday cybercriminals) are looking to steal toys, identities and forms of payment. Buying from resale sites can be problematic because automated “Grinch Bots” buy up popular items and resell them at higher prices and a higher risk of the payment being turned into fraud. Don’t click on delivery texts. Check the confirmation email that was received immediately after the order was placed with the tracking information. Then cut and paste it into the respective shipping company website. Call or use the legitimate online portal to let the company know that an item was not received or a change of delivery date needs to be made, especially if a signature is needed. Lastly, use multi-factor authentication where available. Amazon has had the feature for years and while nothing is full proof, making it harder for cybercriminals to intercept information is critical.

Other notable items could save a lot of headaches downstream. First, delete any unnecessary text messages. Even if you know a package is being delivered, read the text but don’t click on the link and then delete it after you have the package in hand. Second, make sure that all patches are updated on smartphones, computers, software and medical devices and apps containing sensitive information. Finally, don’t use open or “free” WiFi because it is a portal through which cybercriminals can attack. In sum, taking a few moments to make sure that protective measures are in place and having a game plan about sites to shop and not responding to unnecessary links can save a lot of time and frustration downstream while enabling individuals to enjoy the holidays just a “little bit more.”

Rachel V. Rose, JD, MBA, advises clients on compliance, transactions, government administrative actions, and litigation involving healthcare, cybersecurity, corporate and securities law, as well as False Claims Act and Dodd-Frank whistleblower cases. She also teaches bioethics at Baylor College of Medicine in Houston. Rachel can be reached through her website, www.rvrose.com.