The “Phishing and Fraud” report, prepared by Webroot and F5 Lab, indicates that the autumn-winter period is particularly favored by cybercriminals. During this time, the number of crimes committed increases by as much as half. A particularly noticeable rise in attacks can be observed in December and January.

Internet users look for Christmas gifts, hunt for end-of-season sales, or plan winter holidays. Their vigilance drops significantly, which fraudsters cleverly exploit. From October to January, there is an extremely large number of phishing campaigns carried out. For your own safety, you should remain especially cautious.

Watch out for malware
When visiting websites, we often pay too little attention to what we are accepting. The average internet user confirms all notifications that hinder the use of a website. To a large extent, it is through carelessness that we install malicious software on our devices. It is worth emphasizing that such software may be part of a phishing campaign, so there is a high probability that our personal data will be taken over. You should also be wary of URL redirects, which can also pose a real danger.
Malicious scripts also deserve special attention. They are usually installed entirely unintentionally, and many people do not realize they exist.
The vast majority (over 70%) of dangerous websites impersonate well-known brands. Therefore, we should exercise particular caution when shopping online. It is worth noting that major technology corporations such as Microsoft, Google, and Facebook are frequently counterfeited. Scammers may lure us with enticing slogans, e.g., “See who visited your Facebook profile.” As fewer people are falling for these kinds of headlines, completely new methods of obtaining data have been introduced.

Domains created for data theft
Interestingly, most of the domains used for cyberattacks are newly registered. Most of them cease to be active within a few days after the attack. It is therefore wise to approach such websites with caution. It is also worth investing in strong malware protection. Of course, remember to install only legal programs from verified sources. These programs not only protect our devices but also warn us of suspicious activity, e.g., when making online transactions.
It might seem that SSL certificates are the best confirmation that a website is legitimate. However, remember that this type of protection only informs us that the connection is encrypted. This means that the data we send will not fall into the wrong hands. Currently, more than half of the websites created for cyberattacks hold an SSL certificate. Therefore, simply the presence of a green padlock next to the web address is not sufficient.
When using your email inbox, do not open links of unknown origin. You should be aware that emails are forged almost perfectly. Not every fake email can be recognized at first glance. Increasingly often, inboxes receive emails imitating messages from auction sites, banks, apps, etc. Frequently, the user has no chance of realizing that they have become a victim of a crime. The stolen data can be used, for example, to break into a bank account. Hence, avoid logging in via links provided in such emails. If you want to check information about a given matter (e.g., a bank payment), manually enter the original website address.