As Santa begins his travels, specialists are warning that his arrival might convey with it a spread of cyber dangers, from scams to insecure devices.
While Santa prefers to ship through chimney, most cybercriminals are on the lookout for backdoors. In some circumstances, hackers desire to ship malicious communications through e mail. Worryingly, in 2025, scams are usually not simply extra widespread, they’re usually tougher to identify. Earlier this month, researchers from the staff at Verify Level detected 33,502 Christmas-themed phishing emails within the first two weeks of December, together with greater than 10,000 pretend commercials being created each day on social media channels. Many mimic festive promotions, whereas others push pretend Walmart or House Depot offers, fraudulent charity appeals, and pressing supply notices.
Why is that this time of yr so in style for cybercriminals? Ian Porteous, Regional Director, Safety Engineering, UK & Eire at Verify Level Software program, notes that “Cybercriminals love Christmas simply as a lot as customers do, however for all of the mistaken causes. This time of yr, persons are extra uncovered as a result of sheer quantity of digital interactions – procuring on-line, sending e-cards, and grabbing festive offers. That makes it the proper alternative for scammers.”
Which different varieties of assaults ought to customers look out for?
Javvad Malik, Lead CISO Advisor at KnowBe4, highlighted a spread of widespread festive scams that buyers ought to be alert to through the Christmas interval. He warned that these embrace “pretend courier messages – like texts from Royal Mail, DPD, Evri and so on”, usually claiming “we tried and didn’t ship” or asking recipients to “pay a small payment to launch it”. Malik additionally pointed to offers which are too good to be true, equivalent to “ridiculous financial savings, 90% off named manufacturers”, in addition to reward card scams and pressing favour requests, sometimes showing as “a WhatsApp or e mail out of your boss or member of the family normally”. Different techniques embrace charity scams involving “pretend charities attempting to drag at heartstrings through the season of giving”, fraudulent procuring emails claiming “your fee failed” or that “your Black Friday order couldn’t be processed”, and vacation job or aspect hustle presents that require victims to “pay an upfront payment for coaching or admin”, which in some circumstances can lead to people unknowingly turning into cash mules.
Many people will hope to unwrap a brand new gadget tomorrow morning, however Anne Cutler, cybersecurity knowledgeable at Keeper Safety, is warning that these items can include hidden dangers if left unsecured. “As sensible, AI-enabled devices change into among the hottest items this vacation season, households are unknowingly increasing their digital assault floor,” she stated. “From linked toys and wearables to voice assistants and residential cameras, many of those gadgets are successfully small computer systems with microphones, sensors and fixed web entry. To make issues worse, they’re normally offered with minimal safety settings because the default.”
Cutler warned that “the most typical mistake households make is trusting default passwords and manufacturing unit settings”, one thing cybercriminals actively exploit by scanning for unsecured gadgets. She added that whereas these merchandise can seem innocent, “from behavioural monitoring to hidden software program vulnerabilities, these trendy gadgets can appear innocent, however essentially they will pose real threats to the privateness and safety of households”.
Dad and mom are being inspired to evaluation privateness and security settings earlier than kids start utilizing new gadgets, together with disabling pointless entry to cameras or microphones and limiting information sharing, significantly the place interactions could also be used for “mannequin enchancment”. Consultants additionally warning that AI-enabled toys introduce further dangers as a result of they will behave unpredictably, with issues starting from “hallucinations or unsafe responses” to information leakage and breach-related cyber assaults, the place stolen recordings, pictures or movies may very well be used for phishing, voice impersonation or deepfake content material.
Cutler concluded: “Related gadgets are actually a everlasting a part of household life, and they need to be handled with the identical care as every other internet-facing system. By staying knowledgeable and vigilant, households can benefit from the vacation season with confidence, whereas balancing the enjoyable of recent tech with a safe and privacy-conscious digital dwelling.”
“Digital safety at Christmas begins with prevention,” provides Ian Porteous from Verify Level. “Staying alert and cautious on-line could make all of the distinction – defending your private info and making certain a stress-free festive season.”
Javvad Malik from KnowBe4, urges customers to ask the next questions earlier than taking motion:
- Was I anticipating this?
- Is that this how we usually do it?
- Is that this invoking an emotional response?
- Is it time-sensitive (dashing me)?
- Have I checked it someplace else?
