Holiday Online Shopping
This type of fake website often pops up during holiday sales, offering deals “too good to be true” to steal your payment info.
What is a spoofed shopping site / fake e-commerce site?
RIFEALWL
What is FIREWALL?
Scammers often impersonate charitable organizations during the holidays to solicit fake donations; this practice is known as this.
What is charity fraud?
Attackers exploit USB charging ports and cables to steal data or install malware.
What is Juice Jacking?
Travelers should avoid logging into sensitive accounts on these often-unsecured networks commonly found in airports and hotels.
What are public Wi-Fi networks?
Security experts recommend enabling this extra security login capability, especially on retailer accounts, before buying gifts online.
What is multi-factor authentication (MFA) / two-factor authentication (2FA)?
ONSOIPGF
What is SPOOFING?
Attackers send texts claiming holiday delays from UPS, FedEx, or USPS; these fraudulent messages belong to this attack category.
What is smishing (SMS phishing)?
This is a model that allows attackers to access advanced phishing tools to launch sophisticated phishing attacks with minimal hacking skills.
What is Phishing as a Service (PhaaS)?
Criminals may set up fake “Free Holiday Wi-Fi” hotspots in busy transit hubs; these are called this kind of access point.
What is an evil twin hotspot?
Cybercriminals send fake “Your package couldn’t be delivered” emails to trick shoppers into clicking malicious links; this is a form of this attack technique.
What is phishing?
SOAEWRARNM
What is a RANSOMWARE?
Fraudsters who call pretending to be family members needing emergency holiday funds are using this emotional manipulation tactic.
What is the “family emergency” scam / impersonation scam?
This type of attack happens when malicious code is delivered simply by visiting a website. No clicks or downloads needed.
What is a Drive-By Compromise?
This protective tool creates an encrypted tunnel for safe browsing when traveling for the holidays.
What is a VPN (Virtual Private Network)?
Before entering credit card info on a holiday shopping site, users should always check for this five-letter acronym in the browser’s address bar.
What is HTTPS?
RINNOEPTCY
What is ENCRYPTION?
Many holiday-themed phishing emails use this type of urgent language strategy to pressure victims into acting quickly without thinking.
What is creating a sense of urgency?
A web trick where a harmless-looking page you opened earlier changes to a fake login page while it's in the background tab.
What is Tabnabbing?
Leaving Bluetooth enabled while holiday shopping or traveling can expose devices to this type of proximity-based attack.
What is a Bluetooth hijacking attack (e.g., bluesnarfing / bluejacking)?
These are temporary digital payment numbers, offered by some banks, that can protect shoppers by keeping real card info hidden during holiday purchases.
What are virtual card numbers / single-use card numbers?
YLVLITRAUBNEI
What is VULNERABILITY?
When attackers gather personal details from social media holiday posts to make scams more believable, they're exploiting this type of information.
What is open-source intelligence (OSINT)?
A cryptographic attack where an attacker abuses a security feature of hash algorithms, which are used to verify the authenticity of messages and exploits the logic behind the "birthday problem".
What is a Birthday Attack?
When a malicious actor silently intercepts data between a traveler and a legitimate website, it’s known as this classic attack.
What is a man-in-the-middle (MITM) attack?