Well, we made it. The 2025 Holiday season is upon us. A chance for things to slow down a bit as we spend time with family, loved ones, and friends. And for some, a chance to purchase the next cool widget, game, piece of technology, or to book some travel to visit their extended circle. With this increase in travel and consumer purchasing, the adversary is waiting with excitement as well in hopes that such purchases become a race to be first and the consumer is distracted.
The Economic Times estimates that, even with the possibility of continued airline cancellations, we are expected to see a 2.2% increase in bookings over the 2025 holiday season. More people in the airports, rushing to their destinations, or potentially waiting for a rebooked flight, is great news for the adversary. Providing increases the odds of compromise as they run their holiday campaigns.
Three Holiday Safety Tips:
Shopping Online.
Buying goods online continues to be the primary choice for many. And with the increase of users, across all age groups, leveraging social media platforms, commerce has skyrocketed as well due to a simple “click.” Many times, with comments looking to entice a potential victim with advertisements like “lowest cost ever” or “Only for the next hour.” We must be very careful here.
- When clicking links in email, on social media, or even in text messages, that refer to holiday sales, we should go directly to the merchant or manufacturer’s website and confirm. Spoofed websites are deceivingly realistic, and the adversary is looking to catch you in a rush.
- If it’s “too good to be true,” you guessed it, it probably is.
Staying Secure on the MOVE!
Many will travel on the holidays, some by car, train, or plane. When waiting in airports or trains, ensure you are on a trusted network and potentially leveraging a VPN when connecting to the internet, especially when transferring funds. There will be many spoofed SSIDs that are close to the airport’s Wi-Fi nomenclature but are in fact connections to the adversary, known as an Evil Twin Attack. Again, hoping to catch you distracted and compromise your data and financial well-being.
Beware of the Phish.
As mentioned above, with the holiday season comes an onslaught of phishing campaigns. While some are very sophisticated and targeted, most are simply relying on the potential victim being distracted. Pay close attention to a few patterns.
- Shipping emails. If you weren’t expecting a package, don’t click the link in the email.
- Grammar/Spelling. Many phishing attempts are riddled with misspelled words or sentences that don’t quite make sense if read completely. Pause and reread before clicking on anything.
- Verify Sender. Always look at the sender of the email to verify that the sender’s domain is legitimate and not a personal email.
Have a cyber safe and joyous 2025 holiday season.