“Verify your received refund,” reads an email impersonating a major commercial platform that surfaced in recent days. Despite the alarming message, there is no actual refund, nor was there a purchase. Instead, it lures recipients to click a link that could compromise personal and banking information. Electronic crime has surged this Christmas season, with the days leading up to the holiday seeing a rise in fraud incidents. The period from Black Friday to Kings Day has been identified as the peak time for digital fraud.
Types of Scams on the Rise
Fake rentals, non-existent travel deals, and phishing messages displaying the names of banks or courier companies are all tactics used by cybercriminals to exploit consumers during this holiday shopping frenzy. Josep Albors, the head of Research and Awareness at ESET Spain, discussed recent findings, revealing that the threat graph for the last quarter of the year consistently reaches its peak, alongside similar spikes during Easter and summer vacations.
“Criminals adapt to our customs,” Albors explained. “Post-holidays, detection of threats decreases as people return to regular routines. However, we see increases during Easter, the May long weekend, and summer holidays.” This pattern is confirmed by the latest annual cybercrime report from the Ministry of the Interior.
Cybercrime Statistics in Spain
The report highlights that in 2024, computer fraud accounted for 412,850 of the nearly 465,000 crimes recorded in the digital realm, representing a staggering 88% of all cyber offenses. Of these, over 25% were reported between Black Friday and Epiphany.
Further analysis indicates that cyber scams now make up 86.4% of all cybercrime, accounting for 17.5% of total crime in Spain. Remarkably, known computer scams have surged by 488.3% in just nine years since 2016.
The Evolution of Scams
Albors also pointed out the rise of identity theft schemes targeting e-commerce customers during this heavily consumer-driven season. He cautioned against potential fraud involving mobile payment systems and smartwatches, stressing that, while generally secure, they are not immune to exploitation.
Fraud techniques often involve malware designed to intercept Near Field Communication (NFC) signals, allowing attackers to replicate credit card information and make unauthorized payments. Albors noted that malicious apps can even appear on trusted platforms, heightening the urgency for vigilance among consumers.
Public Awareness and Security Recommendations
Andrés Llamas, cybersecurity director at the technology firm HBX Group, echoed Albors' sentiments, stating that the Christmas season presents a unique set of vulnerabilities. “During this time, people often relax their defenses and use their devices more casually, making it easier for phishing attacks to go unnoticed,” he observed.
The proliferation of public Wi-Fi networks in places like airports and hotels further increases the risk, especially if corporate tools are accessed without proper security measures like VPNs or multi-factor authentication.
Preventive Measures
Llamas advised implementing strong internet security practices, particularly when connecting to public Wi-Fi. Users should always utilize a VPN and be cautious with sensitive system access. It is also crucial to disable automatic connections to open networks to minimize risk.
Additionally, managing credentials with unique and strong passwords for each service is vital. Tools like password managers can help, and enabling multi-factor authentication significantly decreases the likelihood of unauthorized access.
Maintaining a critical approach to emails and messages is equally important. Llamas urged users to take a moment to analyze communications, especially during the holidays when phishing attempts surge. If unsure about an email's legitimacy, the best course of action is to refrain from clicking any links and verify the request through an alternative channel.
For travelers, Llamas recommends keeping devices and applications updated, using encrypted services, activating biometric locks or secure PINs, and backing up data. These precautions can help mitigate the impact of potential theft or loss.
