Christmas is a time when the pace of life accelerates, online shopping and banking transactions multiply and, with it, so do the risks associated with digital fraud. Scams targeting consumers and businesses intensify at this time of year due to the increase in Internet activity, creating the perfect scenario for cybercriminals to deploy their strategies.
In this context, the technology consulting firm Stratesys warns of a particularly notable growth in SMS scams, known as smishing, which have established themselves as the fastest growing fraud channel during this festive period.
The rise of SMS scams and other Christmas scams
Although fraudulent messages such as notifications of problems with an order or suspicious account charges are a recurring problem, this year they have become more sophisticated. According to experts, criminals not only send texts with spelling mistakes or obvious errors, but also use more subtle mechanisms to convince the victim.
The key to fraud lies in the use of two universal human emotions: urgency and fear. The messages seek to provoke an immediate reaction, so that the user acts without thinking. “Today’s scams no longer rely so much on obvious errors as on well-constructed messages that play on urgency and fear. Detecting them does not require technical knowledge, but rather stopping and verifying before acting,” explains Javier Castro, director of the cybersecurity area at Stratesys.
These types of scams can also arrive by e-mail or telephone calls (vishing), but it is smishing that has grown the most in recent months, precisely because SMS is perceived as a more personal and reliable channel.
Clear signs to recognize a fraud attempt
You don’t have to be a cybersecurity expert to identify a fraud attempt. There are several common signs that can alert you that a message is not legitimate:
- Extreme urgency: Messages warning of dire consequences if you don’t act “right now” are often attempts to manipulate you into not thinking before clicking on a link or calling a number.
- Suspicious domains or referrers: Although many links appear legitimate, they may contain small variations in the URL that go unnoticed at first glance but actually redirect to fake sites.
- Unusual requests for information: No legitimate entity will ask for passwords, PINs or full credentials via SMS, email or phone call. If this type of information is requested, it is most likely phishing.
An important point is that the victim himself often provides sensitive data by following a link in the SMS or returning a call. This is precisely what makes the fraud so effective: SMS is perceived as a more personal and reliable channel, usually used by banks or courier companies.
Why do we keep falling for frauds?
The success of these campaigns is not only due to the technical skill of the fraudsters. So-called “notification fatigue” plays a key role in many cases. Users receive so many notices and alerts a day that they tend to automate certain actions without checking the origin of the messages. Other factors that increase risk include:
-
Password reuse: Using the same password in several services can facilitate access to accounts if one of them is compromised.
-
Overexposure of data on social networks: Sharing personal information makes it easier for criminals to personalize their attacks.
-
Unpatched devices or applications: Systems without recent security patches may maintain known vulnerabilities that attackers can exploit.
Is mobile shopping less secure?
Shopping from a cell phone is not necessarily more insecure than shopping from a computer. In fact, many smartphones incorporate systems such as biometric authentication, which can strengthen protection against unauthorized access. However, the smaller screen makes it difficult to review links and information in detail, which can make it easier to fall foul of fraud if you are not paying attention.
In addition, public WiFi networks, frequent in shopping malls and crowded spaces during these dates, may be less secure, making it easier for cybercriminals to intercept information if adequate precautions are not taken.
What to do if you have already been a victim of a scam
If you have unfortunately already fallen for a digital scam, acting quickly is key to minimizing damage. Steps recommended by experts include:
- Contact your bank immediately: This may allow you to block cards or payment methods before unauthorized charges are made.
- Collect evidence: Saving screenshots, messages and any type of correspondence can be useful for reporting.
- File a report with the appropriate authorities: This can help initiate an investigation and, in some cases, recover funds.
- Change passwords if personal data has been provided: This includes emails, bank accounts and other platforms where those credentials are used.
The possibility of recovering the lost money will depend to a large extent on the payment method used and how quickly the fraud is identified and acted upon.
The role of artificial intelligence in Christmas scams
One of the emerging concerns in digital fraud is the use of artificial intelligence to craft more natural and believable messages. This technology makes it possible to construct texts that appear to be written by a real person, eliminating errors typical of fraud and increasing the likelihood that the user will fall for the trap.
According to experts, this raises the level of sophistication of attacks and makes it imperative to maintain a critical and cautious approach to any request coming from unverified channels.
At Christmas, when online activity intensifies and the volume of communications increases, attackers have an advantage if they can get you to act in a hurry. That is why, beyond technological tools, the best defense is still attention and caution. As Stratesys concludes: “At Christmas, the attacker wins when he gets us to act in haste. Being wary of urgency and always checking through official channels remains the most effective defense.”
