Boxing Day sale scam warning: Top tips for avoiding cybercrime during the festive shopping season

Boxing Day sale scam warning: Top tips for avoiding cybercrime during the festive shopping season.
Photo credit: Getty Images

The Christmas season and those frenzied Boxing Day sales are a time of heightened cybercrime in New Zealand, with experts warning Kiwis to be extra vigilant about phishing emails and texts during the festive period.

The warning comes after CERT NZ revealed New Zealanders lost nearly $9 million between July and September in online scams, the largest amount since records began five years ago.

Netsafe reported this year that phishing scams delivered by text message are increasingly favoured by cybercriminals who often impersonate well-known businesses operating in Aotearoa.

This has the potential to be more successful than usual over the next month as Kiwis do their Christmas shopping and expect to receive the likes of delivery updates and special offers.

In recent research from cyber safety brand NortonLifeLock, 22 percent of New Zealanders said they tend to take more risks than usual while shopping online during the holiday season. That is despite more than a quarter of those surveyed (28 percent) saying they had already been the victim of a scam during previous holiday seasons. 

Microsoft NZ's national technology officer Russell Craig says the best advice is if it looks too good to be true, it probably is.

"Scammers are very conscious of current trends and will take advantage of key times like the festive season when people ramp up their online shopping. It's the perfect opportunity for cybercriminals as people expect to see special deals and delivery notifications hit their inboxes," Craig told Newshub.

"You may receive texts or emails about an unspecified parcel that's supposedly being held by a reputable courier company - but clicking on the link will expose your system to malware that allows them to steal your data, banking details and other important information.

"If you don't know which item an email is referring to, don't click the link. Go directly to the seller's website instead, or use the track and trace information they share when the item is dispatched, which should reference exactly what you've ordered."

But what else can we do to stay safe?

Craig has shared five tips to help stop Kiwis becoming victims of cybercrime this festive season:

  • Use different passwords for every website
    It is hard to remember lots of passwords so consider investing in a password manager which allows you to store usernames and passwords securely so that when you create unique passwords for each website, you can store it and access it again automatically.
  • Set up multi-factor authentication
    When websites and services offer the option of setting up what we call two-factor or multi-factor authentication, do it. While it sounds technical, most people have used multi-factor authentication without realising it. It simply means you not only have to know your username and password but can also receive a code in an SMS or log onto an app to prove that it's really you. Microsoft has found that this stops 98 percent of password-based attacks in their tracks. 
  • Avoid clicking on links in emails and text messages
    Even if you recognise the sender, unless you were expecting the link do not click it because criminals like to redirect you to sites which look legitimate but are not. They will use these false sites to steal your money or passwords. Visit the official website of the sender and find the relevant deal or information directly there.
  • Keep your tech up to date
    |When your phone, PC or tablet is asking you to update to the latest version, most of the time these updates contain security fixes which are there to plug the security holes on your device. The sooner you can update your device the sooner you are protected. It's horrifying to think that 78 percent of devices are still using unpatched versions of Microsoft software nine months after a patch is released. If there are any notifications you do need to pay attention to, it's security updates - just make sure it's really your software provider who's sending them!
  • Keep your eyes open
    Whenever you receive a text or email, read it carefully to ensure it is legitimate - if it sounds too good to be true it likely is. As well, if your personal details are in a message, this doesn't mean it is legitimate either as a scammer could be using data they got from a cyber breach. If in doubt go to the website of the company, get their main contact details from there and reach out directly.

What should you do if you're worried you've been a victim of a scam? Reach out for help ASAP from: