CyberCX Hack Report: Insights from a year of offensive security testing

INCIDENT RESPONSE
CONTACT US
INCIDENT RESPONSE CONTACT US
CyberCX Blog

How to stay cyber secure this holiday season

Cyber Security Strategy

Published by Hunted Cyber Team, Leah Pinto, Jay Banerji and Carter Smith on December 12 2024

 

Technology has become a big part of the holiday season.

From online shopping for presents to giving the gift of tech to your loved ones, the Christmas season and tech go hand in hand.

But with any tech can come risks – whether it’s dodgy e-commerce sites or common mistakes people make securing the smart devices they open on Christmas day.

Afterall, it’s a busy, stressful time of year where people can drop their guard. 

We asked our Hunted Cyber experts for their top tips for staying cyber secure this holiday season.

 

Purchase from reputable websites 

In the race to get your Christmas shopping done, everyone is on the hunt for great deals. But it’s important to remember to make online purchases from reputable websites rather than chasing those too good to be true deals on social media. 

Here are some things to consider before hitting purchase online:

  • Is the website secure? It should have ‘https:’ at the start of the URL. If it doesn’t, your data won’t be encrypted and can be intercepted.
  • Look at the creation time of the website or social media page – if it’s just popped up a month ago, this might be a red flag. You can find a website’s creation time by clicking the three dots next to the site’s Google Search result and going to ‘About the Source’.
  • Search on independent review sites – such as Trustpilot, CHOICE and ProductReview – not connected to the website or social media page you’re considering purchasing from.

 

Beware of dropshipping scams that sell cheap, low-quality goods.

  • Dropshipping is a business model used by online merchants who sell products without maintaining an inventory. In effect, they are resellers from manufacturers or warehouses, with a mark-up on products not from bulk-buying, but from effective marketing strategies.
  • Dropshipping scams use social media to increase reach and create a false sense of trust. They typically involve a new online business page being created, with a sudden influx of positive reviews and engagements from paid bots. They often run intensive social media marketing campaigns for their products, usually passing them off as luxury or designer goods, supported by these fake engagements and reviews.
  • Many of these online stores do not actually retain any of the products they are selling, and act as dropshippers reselling very cheap, low-quality products. 

 

Be careful with your payment details

Once upon a time we only had to worry about keeping the cash or cards in our wallets safe. Now, it can be hard to keep track of who has them and where our payment details are online. The unfortunate reality is that when we type in our payment details to make an online purchase, those details may be stored and become vulnerable to cyber criminals.

Consider these tips before purchasing your next item: 

  • Utilise online payment services such as PayPal, Amazon Pay, Apple Pay or Google Pay, to reduce the number of places your payment information is stored.
  • Put more trust into websites that use a trusted third-party payment processor such as Stripe, Windcave or Square. Those that use native payment providers may retain copies of your debit or credit card, leaving them more vulnerable to data theft.
  • Never save your payment details in apps or websites – it may seem convenient for your next purchase, but it introduces risk. Instead, use an online payment service provider, like PayPal, or other trusted payment processors. 
  • Avoid entering payment details via a social media platform, for example, an online store you’re browsing on Instagram. Visit the website from your browser to make the purchase, using the above advice, to limit the number of places your details are stored.

 

Be smart with your smart devices

Internet-connected devices bring a wealth of convenience, utility and connectedness to our lives. They are popular gifts around Christmas time, but they are not without their cyber risks.

When buying a smart device: 
  • Do your research and buy from reputable brands.
  • Check independent review sites.
  • If buying for a child, check the device has parental controls to help monitor and limit inappropriate content.
  • Remember, cheaper tech alternatives will get you lower quality, but also little to no security.
When setting up a smart device: 
  • Reset default passwords – sticking with the default password for a smart device is an easy entry point for cyber criminals, so always reset them with your own unique password and enable biometric authentication where possible, such as Apple’s Face ID.
  • Check privacy policies – what information does the device collect, where is it stored and who is it shared with? Some of the answers to these questions might surprise you and change how and where you use your device.
  • Think twice about clicking accept on the ‘share analytics’ notification – whilst some are ‘anonymous’ there’s a chance they can be attributed to you.
  • Use federated identity where possible – this includes ‘sign in with google’, that way you’re using a single set of credentials and minimising your points of vulnerability.
  • If using iCloud – use ‘hide my email’ which generates a random email address and forwards emails to your legitimate one. This is a good way to maintain privacy and identify sites that are selling your information.
  • Turn on automatic updates to patch the latest vulnerabilities.
  • If setting up a smart device for your child, turn on parental controls to help monitor and limit to age-appropriate content.

 

Think twice before connecting to free Wi-Fi

Is it safe to use public Wi-Fi networks? CyberCX’s Jed Laundry looked into this question in a recent blogpost which you can read here

Free Wi-Fi hotspots are common in hotels, cafes and even some parks. While it can be convenient in areas with poor reception or for travellers abroad, it comes with risks.

When using your device while travelling, be sure to:

  • Update to the latest operating systems and security patches, activate device encryption, set strong passwords, and enable biometric authentication where available.
  • Implement multi-factor authentication on all online accounts for an additional layer of security.
  • Avoid connecting to public Wi-Fi networks whenever possible, particularly at cafes, events or airports. 
  • Hotspot from your smartphone when using your tablet or laptop, if possible.
  • Disable automatic Wi-Fi and Bluetooth connections.
  • Avoid scanning QR codes or following URLs posted in public spaces—these can be used to direct you to compromised websites. 

Next

Is it safe to use public Wi-Fi networks?

Other Cyber Security Resources

Shift-Left with Threat Modelling: A Quick Guide for Startups and SMEs Building Technology

Read More

Incoming Cyber Regulations: Your Guide to Staying Ahead in 2025

Read More

Harnessing the power of Named Pipes

Read More

Palo Alto Cortex XDR bypass

Read More

Ready to get started?

Find out how CyberCX can help your organisation manage risk, respond to incidents and build cyber resilience.

Talk to an expert