How to Avoid Being Taken for a Cybersecurity Ride This Holiday Season

FINANCIAL ADVICE | GUIDANCE | INSIGHTS | OBSERVATIONS 

With 2024’s checkered flag in sight, most of us are winding down to enjoy the festive mood of the holidays. But cybercriminals see this as the season to gear up, working 24/7 to exploit our increased online activity and the surge in our digital transactions.

Why to Level Up Your Cybersecurity Game

Cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users through ransomware; or interrupting normal business processes. Both financial institutions and their clients are prime targets at this time of year, so understanding how to avoid becoming a victim is crucial.

The evolving nature of these threats demands constant vigilance and proactive strategies. It’s easy to relax your guard or take your eye off the threat during the holiday season – and that is exactly what cybercriminals want you to do.

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks.

Key Findings

  • Cybercriminals are constantly evolving their tactics to bypass security measures and exploit vulnerabilities.
  • Social media and publicly available data can help criminals craft hyper-personalized attacks, like spear phishing or vishing (voice phishing).
  • Developments in AI allow for deepfake videos and voice impersonations to be used in facilitating fraud.
  • Machine learning is also applied to analyze victims’ behavior, making scams more personalized and convincing.

It might seem that these are rare events, but the cost of neglecting cybersecurity is far greater than the investment in securing your digital future: it is essential for maintaining privacy, trust, and stability.

“Cybersecurity is not a set of products – it’s a set of practices.”

Ed Amoroso, CEO of TAG Cyber LLC


If you’re still skeptical, here are some insights:

Did You Know?

  • Globally, 48% of SMBs (small and mid-size businesses) have experienced a cyber security incident in the past year. 25% say they have experienced more than one incident in the past year. (Sage Report)
  • The U.S. consistently experiences the highest volume of malware attacks globally, significantly surpassing other regions such as Europe, which has seen a decline in attacks. (Sonicwall Report)
  • There was a 51% increase in phishing attacks hosted at subdomain providers just between May 2023 and April 2024. (Interisle Consulting Group)

“Amateurs hack systems; professionals hack people.”

Bruce Schneier

American Cryptographer & Recipient of the Electronic Privacy Information Center Lifetime Achievement Award


So as you are making your holiday preparations, be aware of the following key cybersecurity risks:

Holiday-themed Phishing Attempts and the Rise of Generative AI

Phishing emails tend to spike during the festive season, with cybercriminals leveraging festive themes to craft deceptive emails cleverly disguised as holiday deals, account verifications, or purchase confirmations.

Cybercriminals take advantage of the season’s goodwill and urgency to trick users into clicking on malicious links, downloading harmful attachments, or entering sensitive information on fake websites.

Malicious parties are also increasingly leveraging artificial intelligence to conduct more sophisticated attacks.

What You Can Do: 

  • Be cautious with unexpected emails, especially those offering too-good-to-be-true narratives or claiming an issue with a recent purchase or investment.
  • Look for signs of phishing, such as generic greetings, grammatical errors, or urgent requests.
  • Always verify the sender before clicking on any links, and access websites directly rather than through e-mail links.

Fraudulent Websites and Social Engineering

The latest trend in cybercrime is that attackers don’t really focus on “hacking” in – they log in instead. Cybercriminals create lookalike websites mimicking popular online retailers, banks, or other financial institutions.

These sites are designed to capture credit card details, login credentials, and other personal information.

Also be careful of scam artists who call you pretending to be someone of importance, like from your bank or other financial institutions. This is known as voice phishing or ‘vishing’. Social engineering tactics aim to manipulate human psychology to trick individuals into divulging sensitive information. Banks and other institutions would likely never call you requesting your account details, PIN or passwords.

What You Can Do: 

  • Verify that you’re on legitimate websites by checking for “https://” in the URL and reviewing the web address closely.
  • Stick to reputable providers and avoid making purchases on sites you’re unfamiliar with.
  • Verify unfamiliar phone calls received with the entity itself before continuing conversations.

Unsecured Public Wi-Fi

Holiday travel often means using publicly available or free Wi-Fi networks, whether in airports, restaurants, or hotels. These networks can be unsecured, allowing for cyber threats such as ‘man-in-the-middle’ attacks, where attackers intercept and sometimes alter communication between two parties.

What You Can Do: 

  • Avoid accessing sensitive accounts or conducting financial transactions over public Wi-Fi.
  • Use mobile data where possible and disconnect from public Wi-Fi when not in use.

Mobile Security is Becoming the Core Focus of Attacks

SMS phishing (‘smishing’) is gaining prominence, thanks to social media and the popularity of messaging platforms like WhatsApp. Attackers use these platforms to try to trick users into downloading malware onto their phones.

What was once a catchy slogan—’There’s an app for that’—has now become an adage for caution. Criminals can easily introduce mobile malware or spyware to a phone through a compromised or fake app.

“In the world of security, the people are often the weakest link.”

Kevin Mitnick

Former Hacker, Security Consultant, and Author of The Art of Deception & The Art of Intrusion

What You Can Do:

  • Exercise caution and verify the legitimacy of incoming messages or friend requests.
  • Make use of your reputable app store, read app reviews or confirm with the app provider.
  • Always ensure there is an additional layer of security on your sensitive-data access platforms.

General Tips for a Safe Festive Season (and Beyond):

  • Use secure payment methods, and always verify payment details by phone if you’re unsure.
  • Monitor your financial activity and statements regularly for unauthorized transactions. Ensure push notifications on your banking app are enabled.
  • Enable multifactor authentication where possible and use strong, complex passwords – or even phrases. Avoid using the same password across multiple platforms.
  • Regularly update your software and consider using advanced security tools like endpoint detection and response (EDR).
  • Back up critical data to prevent ransom leverage.
  • Slow down and be vigilant: Always approach unsolicited communications with caution, whether received via email, text or phone.

From a WestStar Perspective

Staying ahead of the curve in cybersecurity practices is essential to us at WestStar to protect sensitive data, ensure compliance with regulatory standards, and maintain your trust.

We continue to invest in up-to-date defense mechanisms to keep your assets safe. The security teams of the numerous financial institutions we work with remain on high alert during the holiday season, ensuring that you can enjoy a well-deserved rest.

The evolving nature of cyber threats demands constant vigilance and proactive strategies. All current insights remind us that the cost of neglecting cybersecurity is far greater than the investment in securing our digital future. It is essential for maintaining privacy, trust, and stability.

 If you have questions about your specific circumstances, or want to talk about developing a financial plan to effectively address your goals and aspirations, please get in touch.

We welcome the opportunity to chat with you and wish you every success in the future.


Please Note:

The information being provided is strictly as a courtesy. When you link to any of the websites provided here, you are leaving this website. We make no representation as to the completeness or accuracy of information provided at these websites; nor is the company liable for any direct or indirect technical or system issues or any consequences arising out of your access to or your use of third-party technologies, websites, information or programs made available through this website. When you access one of these websites, you are leaving our website and assume total responsibility and risk for your use of the websites to which you are linking.

Sam Gullette, CFP®, CLU®
Certified Financial Planner™

‘My mission in life is to help people take control of their money and avoid financial stresses. My clients are successful professionals and executives, many of whom are compensated heavily with company stock. Together we maximize their wealth-building opportunities, minimize taxes, and make sure their family is protected if life throws them a curveball.’

Erik Alexander
Financial Consultant

‘I work with professionals and executives who are compensated through various forms of company stock.  They have more money than time and struggle to balance the key aspects of their lives. Their decisions affect others, and they feel a huge responsibility towards making them wisely. I enjoy helping them solve their complex problems, and being counted on for their and their families’ financial wellbeing.’