Gary Hibberd

20191219

It’s Christmas!!

It’s not long now… It’s almost that time of year again when everyone is excited for the opportunity to spend time with loved ones, sharing good stories, fine food and drink and, of course, gifts. People of all ages are eagerly making plans and writing shopping lists for this festive season.

Christmas is big business for the high streets and for online retailers. Travel companies too are in full flight as they prepare for the influx of travellers visiting loved ones, or escaping the cold to reach warmer climes.

But unfortunately not everyone is making plans to give the present of warmth and cheer during this festive time. Online fraudsters and scammers are gearing up for one of their busiest times of the year, so we want to help you make this year a terrible year for these people. Please share this guidance with your teams, and discuss Cyber safety and how people can protect themselves. Remember the saying: “What you hear on the hearth, you’ll repeat in the street.” This is the same in Cyber security. What people do at home, they’ll repeat in the workplace. So start encouraging good Cyber hygiene at home and very soon your team will become Cyber’s little helpers!

Shopping online – Do your research

When handing over your hard-earned money, you want to know it’s going to a good cause, or will provide a quality product or service. While this tip isn’t just for Christmas, it’s especially important at this time of year to do your research on the company you are buying from.

Some businesses will be known to you and the research will be relatively easy, such as on Amazon. However, fake reviews and feedback may be present, so while you may trust Amazon, you should still research items using multiple sites. This becomes especially important for providers you have not used previously (see ‘Fake Websites’ below). As this is a time of giving, many people donate to charities, but again it’s important to know that your money is going to the charity you expect, and not to a cybercriminal.

Beware Fake Websites

Don’t click links in emails taking you to these stores. Creating a new website is incredibly easy, and scammers create these ‘spoof’ websites to trick you into believing you’re visiting a legitimate website. 

Purchasing from these sites can lead you to expose personal details like your banking details, passwords, addresses etc. Often the items don’t turn up, or if they do, then they may not be of the quality you were expecting.

Go to the known website using your search engine. Always check the website address, and if it looks peculiar then it may be a fake site.

Don’t get caught in the phishing net

Around 3.4 billion phishing messages are sent on a daily basis. It’s big business for the scammers, who use emails which are designed to appear to come from trusted organisations (e.g. retailers, government, banks, etc.). The aim is to trick you into clicking a link or revealing personal details, or to extract money from you.

Scammers know that you’ll be receiving a lot of advertisements to your inbox, so they try to hide amongst the masses, in the hope you’ll see their email as legitimate.

When receiving emails with links, hover the mouse over the link to see where it takes you. If the link appears to say www.MyLawFirm.com but, when you hover over it, it says “https: // WebDesignH/Admin/MLF/Payload”, then it could be a scam.
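For teams that filter mail, the hover check above can be automated. The Python below is an added example, not part of the original article: it lists links in an HTML email whose visible text names one site while the link itself points to another. The sample message and the example.net and example.org addresses are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that looks like a site name, with or without a scheme.
HOST_RE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)

def _strip_www(host):
    return host[4:] if host.startswith("www.") else host

def _shown_host(text):
    """Host named in the visible text, or None for text like 'Click here'."""
    m = HOST_RE.match(text.strip())
    return _strip_www(m.group(1).lower()) if m else None

class _Anchors(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def mismatched_links(html):
    """Return (shown_text, real_href) pairs where the text and the target disagree."""
    parser = _Anchors()
    parser.feed(html)
    flagged = []
    for text, href in parser.links:
        shown = _shown_host(text)
        if shown is None:
            continue  # the text names no site, so there is nothing to compare
        real = _strip_www((urlsplit(href).hostname or "").lower())
        # Allow an exact match or a subdomain of the site shown in the text.
        if real != shown and not real.endswith("." + shown):
            flagged.append((text, href))
    return flagged

# Constructed sample email body (not a real message).
SAMPLE = """
<p>Invoice: <a href="http://billing.example.net/MLF/login">www.MyLawFirm.com</a></p>
<p>Orders: <a href="https://www.example.org/orders">example.org</a></p>
<p><a href="https://tracking.example.net/p/1">Click here</a> to track your parcel.</p>
"""
```

Only the first link in the sample is reported; a link whose text is plain wording such as "Click here" still needs the manual hover check.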

Equally important is to question the content of the email: Do the grammar and spelling look correct? Does it sound plausible? And is it pressing you to act NOW?

At this time of year many phishing scams involve sending fake Driving Penalties, as more people use our motorway networks to visit facilities.  A popular scam is to send an enforcement letter, stating you have violated some driving or parking restriction. This often comes with an attachment that is infected with some malicious code that can take over your device.  The email will usually state “You have 30 days to pay the fine or face imprisonment. Act now to avoid further legal action.” 

Scammers are playing on fear, uncertainty and doubt. If you have any concerns, you can go to the Government’s own website, https://www.gov.uk/speeding-penalties, where further advice can be provided.

If it looks too good to be true…

In truth, there is nothing new in the world; scammers have been around for millennia. But technology has allowed them to industrialise their efforts. Why scam one person when you can scam millions?

Social media sites like Twitter, Facebook and Instagram advertise goods all year round, and these ads are placed there by both legitimate companies and scammers. Be on the lookout for ads that offer vastly discounted prices on products and services (and sometimes they are offered as free).

We’ve seen everything from computers, iPhones, iPads, flights, and shopping vouchers through to holidays, tickets to concerts, and investment opportunities all at an almost zero cost, or incredibly low price.

Scammers are playing on your curiosity and desire for a bargain, but sadly these purchases rarely live up to their advertised quality. So don’t buy from these advertisers without doing your own research.

Additionally it’s worth knowing that scammers often create attractive looking deals which they post on Facebook asking users to “like” and “share” their advert, with a promise of “for every 100 likes, the 100th person will receive X amount of money”. This helps to boost their page, and places it at the top of news feeds of your friends and family, allowing them to target a wider audience. So be careful what you ‘like’ and what you share, as it may not be all that it appears to be.

Remember the wise saying: “If it looks too good to be true… it probably is!”

Is your computer ready for winter?

Have you ever noticed the signs on the motorway that say “Is your car ready for winter?” The message here is that we need to check that we’re ready for the bad weather, and cold conditions of the season.

Use this reminder to ask if your computer is ready for winter too. Make sure you have updated the device with all the latest security updates available, and make sure your anti-virus (AV) software is up to date. Should you inadvertently click on a link in an email, your AV software is your last line of defence against scammers.

Whilst you’re doing this check-up you might want to think about how you use passwords and update/change critical ones. This way, if scammers have obtained your name and password from a previous data breach, they are less likely to be able to gain access to your systems and files.

Don’t talk to strangers

Scammers will not only use email to try to gather information about you; they will also call you. Using techniques known as ‘Social Engineering’, they will often call you claiming to be from your bank or utility provider and stating that there has been some ‘unusual activity on your account’. Of course they can’t speak to you until you verify your sort code, bank account, address, date of birth etc. (!)

If you receive a call or text message from your bank, firstly don’t click on any link in the text message as it could take you to an infected website or contact the scammers directly. Secondly, you should simply ignore the text message and call the bank directly using the number you normally use. If someone is on the phone claiming to be from the bank, they will not be surprised if you politely explain that you’re busy and that you would like to call them back later. After putting the phone down you can then call back on the usual number and speak to them. If the call was legitimate then they will have a record of it.

Finally it’s worth noting that large retailers and banks in particular recognise these activities are on the increase and they are investing heavily in order to protect us, their customers. We need to work with them and be vigilant to the ever increasing risks of scammers and fraudsters out there.

If you become a victim – act fast!

Sadly, many scammers are highly professional and their scams highly convincing. So firstly, don’t be embarrassed if you fall victim to one of their cons. But you do need to act quickly.

If you fear you have been conned you should call your bank as quickly as possible and ask them to halt any outgoing payments. As stated above, don’t accept calls from your bank. Call them back on the number you have always used to speak to them.

Banks have an obligation to refund your money, if you have paid via bank or credit card or you can demonstrate the payment was actioned without your authorisation. There are some exceptions, and it really is down to the individual situation and bank. So act quickly and work with your bank to minimise any losses you may have.

If you have been the victim of scammers in this way then you also need to inform the police. This is a crime, so they need to know. You should contact Action Fraud and report what has happened. Although they may not be able to assist in your individual case, it will help them build up a picture of what is happening and also may be another piece in the puzzle for an ongoing investigation. 

Conclusion

Unfortunately scammers and cybercriminals know how to manipulate us, and they have a good understanding of the law (often they reside outside our country and jurisdiction). Cybercrime is a complex and complicated network of people and technology, and scammers and criminals know that we are only just catching up. Each of us has to take personal responsibility to protect ourselves and keep our Christmas merry and bright.
