Product Family

As we head into this holiday season full of family, joy and celebration, it is a good time to remember to be smart and cautious in the cyber world.  This is especially important on Monday, December 1, better known as Cyber Monday in the US.  Today, Cyber Monday is viewed as the kickoff to the online holiday shopping season, when shoppers flood websites to take advantage of retailers’ online promotions.  

According to the National Retail Federation (NRF), more than 25 million Americans shopped with their mobile devices alone on Cyber Monday in 2013.  And that does not include the ‘early birds’ that began their online shopping as early as Thanksgiving evening as retailers unveil their sales., a division of the NRF, projects 2014 online holiday sales to increase between 8-11% to as much as $105 billion during the months of November and December. They also project that the average shopper will do 44% of their holiday shopping online.

We are all human, we are busy and we are more inclined to click quickly during the holiday season to get that one very special bargain.  Cyber criminals know this and they will go where the money is.  So, as online holiday picks up speed over the Thanksgiving weekend, expect increased malicious activity such as phishing scams and malware campaigns especially on social media and mobile devices. 

Here is some practical advice to help you keep an eye out for these holiday scams:

  1. If it’s too good to be true, it probably is.  Your inbox will be filled with your share of holiday spam and phishing attempts that advertise   iPhones, tablets and those really hard to get toys that are the perfect gift.  The hype and limited availability of the new iPhone6 and iPad Air2 is a dream scenario for the cybercriminals.  They will mention these must-have gifts in dangerous links, phony contests, and phishing emails with headlines such as “Free iPad Air”, “one day special”, or “ridiculously low price for a limited time only” to grab your attention.  Their hope is that you will provide personal information or click on a dangerous link that could download malware onto your machine.   The link may also take you to a phony eTailers where they will gather your credit card number and other personal details, obtain your money and you never receive the merchandise.  To avoid being hacked, always enter the shop's URL in your browser, rather than following the links contained in an email.
  2. Stay vigilant when using social media.  We all want to share that holiday spirit and what better way than on social media.  Cybercriminals understand this and know that they can catch you off guard as you quickly tweet, post and “like”.  It’s just as easy to use Facebook or Twitter (vs a website) to perpetuate scams during the holidays.  Think twice before clicking or liking posts, accepting that raffle prize, or following the link to your “friend’s” page that shows you how to get the hottest holiday gifts.  Also, be on the lookout for malicious mobile apps that can steal your information or send out premium rate text messages that very quickly run up your bill.  Twitter ads and special discounts use blind, shortened links that could contain malware.  Again, it is far safer to type the URL in the browser.
  3. Be wary of fake charities.  This is one of the biggest scams of every holiday season as it is easily the most popular time of the year to make charitable donations.  Cybercriminals count on your generosity and hope to get their share by sending phishing and/or spam emails advertising fake charities.  Type the charity’s name into your web browser.  Do not follow the link in the email and remember to check the Federal Trade Commission's Charity Checklist.

And, one more reminder, always use your credit card to shop, not your debit card.  There are more security protections on your credit card and your maximum out of pocket loss is $50 if the card is used fraudulently.  You do not have as much protection with your debit card.  If breached, the cybercriminal can quickly empty your banking and possibly other accounts if they are linked.  It could take you months or more to get that money back.

For further information on keeping the holidays safe, check out the excellent advice found at the U.S. Computer Emergency Readiness Team website.


About the AuthorThomas Dunbar is the Chief Information Risk Officer for XL Group Ltd. Mr. Dunbar is responsible for XL Group’s overall Information Risk Management program, including the company’s information risk and security strategies, tactics, planning, governance, architecture and operations. He is a member of the IT Leadership team, the Operations Risk Committee, and the Data Privacy Committee. He joined XL in 2002 as their first Global CISO.


More Articles

Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. AXA XL Risk. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any publication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with this publication, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued Insurance Policies

In the US, the AXA XL insurance companies are: AXA Insurance Company, Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.