Whenever there are major sales events, shoppers driven by fear of missing out take more chances, creating an opportunity for criminals to exploit.
Cifas has noted that identity fraud is the dominant case type, with 64% of all National Fraud Database cases relating to identity fraud. This translates to 237,642 cases. Fraudsters stole £571.7m in the first six months of 2024, with losses due to unauthorised transactions up 5% from the previous year.
During the festive period last year, buyers lost £11.5m to cyber criminals – an average loss of £695 per victim.
With Black Friday and Cyber Monday marking the beginning of the festive shopping season, Action Fraud data reveals that this is prime time for cybercriminals. More than 16,000 reports of online shopping fraud were made over last year's festive period.
Unfortunately, the bad news doesn't end there. According to the National Cyber Security Centre (NCSC), scammers are likely to increase the use of AI tools to develop more convincing fraud campaigns.
“As we head into the holiday shopping season, people are understandably eager to find the best deals online. Unfortunately, this is also prime time for cyber criminals, who exploit bargain hunters with increasingly sophisticated scams – sometimes crafted using AI – making them harder to detect"
Richard Horne, Chief Executive, NCSC
It's not all doom and gloom, as we have some tips to help keep your money and information safe this festive season.
If it sounds too good to be true, it almost always is. Don't feel pressured into making a purchase because you fear missing out—it makes you more vulnerable. Remember to check the reviews and ratings of sites you have not used before.
Carry out your searches yourself and avoid clicking on links in emails or on social media that promise great deals. Adverts can look like they are from legitimate retailers, but they have been created by fraudsters.
Make sure that you download any updates as soon as they become available in order to protect yourself. If you click on a link or download an attachment in an email, hackers might inject malware into your device, which could steal your login credentials or your payment information.
Public WiFi is not secure and can be easily mimicked or hacked. You should be especially careful to avoid accessing sensitive sites like your bank. If you need to use public WiFi, turn on a VPN which will make it impossible for hackers to intercept.
That includes texts, tweets, phone calls or emails. Be particularly careful with links in messages, as they may not be as authentic or genuine as they sound. If in doubt, double-check with the retailer if the email you have received is legitimate.
For all your accounts, particularly when shopping online. Don't use the same password across multiple sites, and never share your passwords. By following this guidance, you're less likely to fall victim to hackers.
Ensure there's a secure padlock sign on the payment page before you buy. Watch out for poor spelling and low-quality images, which may indicate a 'spoof' site created in a rush. Even if the URL looks like that of a trusted retailer, it could be a retailer scam where the URL almost precisely matches the retailer's website.
If retailers ask if you'd like to save your payment details, decline. It is important never to save your bank details with any online store, even if you are sure it is a legitimate website.
This offers you greater fraud protection. Credit cards typically provide an extra layer of security as they are not linked to your money, and your credit card supplier is jointly liable with the supplier for any fraudulent activity. This is particularly ideal for larger purchases that are over £100.
In this case, you will immediately be notified if any irregular spending occurs. Without notifications turned on, you might miss the opportunity to nip the fraudulent activity in the bud.
Sharing too much information online makes you an easy target for identity theft. Ensure that you guard against fraudsters accessing your information by double-checking your privacy and security settings across your social media accounts.
This is crucial if you're using a shared computer. Staying signed in opens the door to the theft of your personal information and hacking opportunities. Remember always to sign out even if you are in a rush.
Take Five
Take Five is a national campaign offering straightforward, impartial advice to help everyone protect themselves from preventable financial fraud. This includes email deception and phone-based scams, as well as online fraud – particularly where criminals impersonate trusted organisations.
Financial Fraud Action UK
Financial Fraud Action UK is responsible for leading the collective fight against financial fraud on behalf of the UK payments industry. Their membership includes banks, credit, debit and charge card issuers, and card payment acquirers in the UK.
We have companion articles on several Christmas compliance risks, including Bribery and Fire Safety, plus our handy Christmas Gifts Checklist.
For some festive cheer, check out our Gamified Learning Hub. There you'll find our famous Christmas Compliance Challenge, plus a festive crossword and word search.
If you've any questions or concerns about compliance or e-learning, please get in touch.