Security experts say online shoppers should take extra care this Christmas. Picture: Daniel LEAL-OLIVAS / AFP
Security experts say online shoppers should take extra care this Christmas. Picture: Daniel LEAL-OLIVAS / AFP

How to avoid Christmas scams

IT'S not just tinsel, gift wrap, and car park rage that peak at Christmas time, with online security experts warning scams are expected to surge more than 50 per cent this month as cyber criminals target overwhelmed, under-pressure shoppers.

Everything from fake online stores and charity appeals to spoofed parcel delivery notifications will flood Australian inboxes this month in an attempt to take advantage of distracted shoppers.

But there are ways to protect yourself against Yuletide attacks, and they can be as simple as disconnecting from free wi-fi, calling delivery services directly, and paying with your phone.

Australians lost more than $101 million to scams so far this year, and Australian Competition and Consumer Commission deputy chair Delia Rickard said many more would arrive before the big day next week.

"Scammers will take advantage of special days or major events like Christmas to fleece people of their money or personal information," she said.

"We love snagging a great deal online for a loved one's Christmas present and the idea of a bargain holiday is perfect for many after a long year, but don't fall for it."

Fake online stores or online ads for items that didn't exist cost Aussie shoppers almost $3 million this year, she said, while parcel delivery scams enticing users to click on a link in an email had claimed $31,000.

A new report from security firm F5 this week found email links luring victims to malicious websites or downloads increased more than 50 per cent during the last three months of the year.

Former Australian government cyber security strategy lead Lynwen Connick, who now heads ANZ's information security division, said other popular Christmas-time scams included fraudulent digital gift cards, counterfeit travel package deals, and requests from charities that didn't really exist.

"Every year at this time, scammers try to take advantage of people," she said.

"We need consumers to become more aware to cut down on the amount of scams."

Ms Connick said one way to avoid scams was for online shoppers to pause before making any purchases, consider how much information they were giving away about themselves, and whether a site looked legitimate.

She also recommended consumers turn on automatic software updates for their computer or smartphone, and employ two-factor authentication for important accounts, such as email or financial apps, which would issue an SMS PIN for transactions or require a fingerprint.

Unisys Asia Pacific security services director Ashwin Pal said shoppers should also "look for the lock" icon in a website's address bar, carefully scrutinise web links in emails even if they appear legitimate, change passwords frequently, and use online security software to issue warnings about malicious websites.

Other security tips included avoiding easily hacked public wi-fi networks, and using PayPal, Samsung, Google, or Apple Pay services that hid credit card data from third parties.

"It's about the user being aware of what the risks are and protecting themselves," Mr Pal said. "In security there is no 100 per cent cure, but if you have most bases covered, you won't get done over. Scammers are after low-hanging fruit."