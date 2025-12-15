

The holidays are a time to be jolly. But that joy can quickly turn to horror for many consumers looking for good deals during this popular shopping period, with scammers and cybercriminals looking for their own festive score.

That’s the word of caution from Preston Soobramoney, head of cybersecurity at Old Mutual.

Cyberthreats increase significantly towards the end of the year, with a notable uptick in activity expected around major retail events like Black Friday and continuing through the holiday season.

Soobramoney explains that the surge in online shopping and holiday-related communications provides more opportunities for cybercriminals to exploit.

“The attack surface just widens exponentially. I would think easily 100% to 200%,” he says.

In cybersecurity, an attack surface is the sum of all potential entry points and vulnerabilities where an attacker can gain unauthorised access to a system or data.

At the same time, certain vulnerabilities become easier to target. Attackers focus on times when businesses and individuals might have reduced staffing due to holidays, potentially leading to slower detection and response times.

During the festive season, people are less guarded and value convenience over security. Attackers exploit urgency, curiosity, and the rush to find deals, Soobramoney notes.

Common methods of attack include “smishing”, where SMS scams are used, often regarding fake parcel deliveries; phishing through emails; and fake sellers on platforms like Facebook Marketplace.

Despite rapid advancements in technology, the methods of attack have long stayed the same.

The change has been in the channels and tools used, Soobramoney says. In that same vein, human error continues to be the biggest vulnerability that criminals exploit.

“Humans will always value convenience over security,” he says. “95% [or maybe slightly less] of security breaches in this day and age are caused by human error.”

A key point of weakness is the passwords people tend to use.

For example, the most common password is the month and date, like “December2025” or “February2014”.

Soobramoney advises that people should use a unique sentence in crafting their passwords instead.

“Say a sentence in your mind that only you would say ... instead of having a password.” These are referred to as passphrases.

The expert shares more advice for people to stay safe online this festive season.

His top recommendation is to enable multi-factor authentication. This adds a second layer of defence, like a code sent to your phone, so that even if an attacker steals your password, they cannot access your account.

He also advocates for people to change their behaviour, a concept referred to as “the human firewall”.

Here, people are advised to stop clicking on links in SMS messages or emails, especially those claiming to be from couriers or banks. Instead, manually type the organisation’s URL into your browser or go directly to their official app to verify the information.

“It’s not because we are careless ... it’s because we are human. We think, we feel, we react to it. We click too soon and we trust too easily,” Soobramoney says.

Second is to verify information, messages and sources. In the age of artificial intelligence (AI) and deepfakes, the old adage of “believe your eyes” is no longer enough. If you receive a voice note or video call asking for money, be sceptical.

Further, he advises the public to verify the request through a different channel, like calling the person back on a known number.

Soobramoney advocates for people to slow down. Attackers tend to exploit urgency. If a message demands immediate action, like a “final notice” for a parcel, pause and think before acting.

“Security doesn’t stop at the office. Make it a family conversation — talk to your children about online risks, especially in gaming and social media, where scams often target them. Awareness at home is just as critical as at work,” the expert advises.

Tied to this is practising good digital hygiene, such as avoiding connecting corporate devices — laptops, phones and tablets — to public Wi-Fi networks, like at airports or coffee shops, without using a VPN.

Finally, consumers should be cautious of deals or processes that seem too convenient or too good to be true.

The driving message is that “humans instinctively prioritise convenience over security”, notes the cybersecurity professional. “Attackers exploit this tendency by dangling irresistible offers, such as massive discounts, to override natural scepticism and lure individuals into risky behaviour.”

So let’s have a jolly holiday season while protecting ourselves by being vigilant, asking questions and verifying before acting.

This article was sponsored by Old Mutual.