Blog | Cybercrime thrives at Christmas time

Cybercrime thrives at Christmas time

As we all wind down for the festive period, plenty of us still have Christmas shopping to contend with. And as the footfall of our high streets and shopping centres reach their annual high, many of us will turn our attention to grabbing some last-minute deals online.

But as Christmas day approaches, shopping for gifts becomes increasingly frantic and stressful. Unfortunately, it’s easy for both consumers and retailers to forget about the basics of online security during this time, making them more vulnerable to cybercrime.

Most attackers see the run up to Christmas as their best opportunity to profit from their illegal activities. This is because cyber awareness is often overlooked, and more online transactions are taking place than at any other time of year.

According to Verizon’s 2021 Data Breach Investigations Report (2021 DBIR), 42% of confidential data breaches targeted consumer payment details in 2021. What’s more, 41% targeted personal data, and 33% targeted credentials held by retail outlets.

So what methods are cybercriminals using to exploit our Christmas shopping habits?

Most cyberattacks and data breaches are a result of phishing, where attackers use various different methods to entice you into disclosing personal information, transferring money or giving up personal login credentials. These methods include:

Brand impersonation – This is where someone pretends to be from a legitimate organisation to trick the receiver into believing their email has been sent from a trusted sender.

Extortion – This is where the attacker attempts to threaten or frighten you into giving them your personal data.

Scam – This is where the attacker tries to trick you into sending them your personal information or money, usually posing as a family member, friend, or colleague.

Business email compromise (BEC) – This is where a business falls victim to a highly targeted phishing attack, not just an individual. Attackers may use some of the other methods outlined above to target vulnerable employees.

All of these methods usually involve a link, button or even QR code leading to a fake or malicious website.

December is prime time for phishing campaigns as many legitimate businesses send out emails, advertising their latest deals before Christmas. As a result, fraudulent emails often get lost in the flurry of promotions as they are harder to distinguish.

Responsibilities of retailers this Christmas

As your stores get busier over the festive period, it’s easy to get distracted amongst all of the commotion. However, attackers will be looking to capitalise on your busy period.

The best way to combat potential data breaches is to promote the importance of cybersecurity throughout your workforce. By educating your staff and raising awareness on how to identify potential cyber security threats, you will reduce your risk of falling victim to cybercrime. Ensuring your staff understand the difference between legitimate and fraudulent activity is a very important responsibility in protecting not only your own data, but your customers’ data too.

Retailers also have a responsibility to keep sensitive data safe. This can be achieved by investing in robust email security, backup and CRM solutions, and by applying for your Cyber Essentials certification. Cyber Essentials is a government-endorsed standard awarded to businesses that follow a set of specific security parameters. It has two aims; to outline the basic security measures businesses should implement to mitigate their cyber security risks, and to demonstrate their compliance to their customers, suppliers, investors and stakeholders etc.

Retailers should also make sure that all of their hardware and software is up-to-date as legacy systems could be vulnerable to potential threats. Keeping your systems current is key in cybersecurity.

It’s important for retailers to remember that cybercriminals don’t just target payment information, they are looking for personal information too. Regardless of what industry you are in, it is your responsibility to keep your customers’ data secure.

For more information about how to stay secure over Christmas, get in touch with one of our experts. Give us a call on 0333 313 5000 or send an email to

More content from DuoCall