Don’t Fall Victim to Christmas Crimes

Sadly, the season of goodwill and cheer also brings a surge in a variety of acquisitive crimes. In our latest blog post we look at what these crimes are and consider what can be done to avoid becoming a victim.

Acquisitive crime, in the UK, tends to surge over the Christmas period. Cases of shoplifting, burglaries and theft all escalate due to increased opportunities for thieves, such as crowded shopping areas, homes filled with valuable gifts and vacant domestic and business properties. People are also targeted in a wide range of scams, frauds and phishing campaigns, intent on stealing valuable personal details.

Here are some of the crimes that people need to be aware of in order to protect themselves by taking sensible precautions.

Parcel Theft or Porch Piracy

There tends to be a very large rise in parcel thefts over the Christmas period. The massive increase in online shopping means many people avoid the busy shops and instead have their online purchases delivered to their addresses. Porch pirates look out for parcels left outside properties or in porches and entranceways - and simply help themselves. 

Various estimates have calculated the value of stolen delivered items, over the past 12 months, at between around £375 million and £666 million. And this is continuing to grow as the crime becomes more widespread. Porch piracy incidents tend to peak around Black Friday, as people take advantage of online sales, and continue to surge in the run up to Christmas.

Police forces throughout the UK have warned the public about parcel theft during the Christmas run-up and have published valuable prevention guidance. Prolific package thieves are receiving significant sentences from the courts, if they are caught and prosecuted. 

Specific incidents of parcel theft tend to be reported via local police press releases and in regional news. The most valuable stolen items include a variety of electronic devices, such as phones, games consoles and sound systems. Branded sportswear and designer goods are also commonly targeted by thieves who are on the lookout for recognisable, branded packaging. Delivered alcohol, speciality foods, confectionery and baby items are also often stolen. There have also been cases in which thieves have targeted restaurant deliveries to steal large quantities of langoustines and premium meats. 

Items are often stolen because recognisable packaging logos make it easy for criminals to identify items of value. Thieves tend to focus on goods that can be quickly turned into cash and easily sold on the black market.

Online Shopping Fraud

Online shopping fraud involves a variety of deceptive practices where criminals trick people into losing money or giving up personal details while buying or selling goods online. These scams include taking payment for fake items, stealing card details via fake websites (phishing), and supplying low-quality, fake goods.

Tactics used by criminals often include the use of fake urgency and too-good-to-be-true deals. Scammers will also sometimes prompt unwary shoppers to use unusual payment methods such as direct bank transfers. Victims can be hooked by an apparently good deal, offered from a fake website that has a collection of fake reviews. The scammers create urgency by claiming there is limited stock or there are other buyers interested in the item, prompting victims to act quickly to secure what they think is a good deal. If the purchased item arrives, the purchaser then discovers its a fake, or it doesn’t arrive at all. 

Over the previous festive period more than 16,000 online shopping scam reports were made to Action Fraud and the National Cyber Security Centre (NCSC). It is estimated that between November 2023 and January 2024 UK shoppers lost around £11.5 million to online shopping fraud. 

Phishing, Smishing and Quishing

Phishing involves using what appears to be legitimate communications to get people to reveal their valuable personal information, such as their credit or debit card details. Smishing is the use of mobile SMS messages, purporting to be from reputable companies, to prompt people to reveal their valuable personal details. Phishing is the broader term encompassing these scams while smishing refers specifically to the use of SMS messages.

Another similar form of fraud is quishing. This scam technique uses malicious QR codes to trick people into visiting fake websites or download harmful malware to their devices, enabling criminals to steal valuable personal details. Fake QR codes are sometimes stuck over the top of genuine QR codes on parking meters or elsewhere. 

The busy Christmas period sees a surge in these crimes. Action Fraud, Citizens Advice and the NCSC warn people about fake delivery messages, sent via email and SMS, telling people about allegedly missed parcel deliveries and prompting them to make payments or click on dangerous links. 

Account Takeover and Payment Fraud

Account Takeover (ATO) fraud is an extremely common and rapidly increasing form of cybercrime wherein criminals steal login details and gain access to people’s online accounts at their banks, social media, email and stores. Criminals use phishing scams to get usernames and passwords and armed with these account details, they take over the accounts, often shutting out the real account owners. 

In 2024 the Credit Industry Fraud Avoidance Scheme (CIFAS) recorded over 74,000 cases of account takeover, up by 76% on the previous year. Notably, the telecommunications sector was particularly hard hit, with a 105% rise in account takeover cases, primarily targeting mobile phone accounts (48% of all filings). 

Unauthorised SIM swaps, a method used to facilitate account takeovers, increased by an astonishing 1,055% year-on-year. Criminals fraudulently convince a victim’s mobile network provider to transfer to a new SIM card that`s under their control. This is achieved by gathering enough personal information on the victim to enable them to impersonate the victim and convince the mobile carrier to disable their SIM card and activate a new one, under the criminal’s control. Once the SIM swap is complete all incoming calls and text messages, including one-time passwords (OTPs) and two-factor authentication (2FA) codes, sent by banks and other online services, are redirected to the criminal`s device. They then use these codes to access and lock the victim out of sensitive personal accounts (banking, email, social media, cryptocurrency).

Seasonal Donation Scams

At Christmas unscrupulous, criminal scammers exploit seasonal generosity to encourage people to donate to fake charity campaigns. Scammers exploit people’s seasonal good-will using emotional appeals such as helping children, elderly people or animals. They use fake websites and social media accounts to mimic legitimate charities and encourage urgent donations when they know many people are distracted by Christmas and won`t verify the charity campaign as genuine.

The overall scale of charity fraud is widely believed to be notably higher than reported statistics due to underreporting. 

Avoid Becoming a Crime Victim at Christmas

Awareness of the various crimes that surge at Christmas is important as this knowledge enables people to think about what they can do to avoid becoming crime victims. Here are some practical, actionable crime-avoidance guidelines.

How to Protect Yourself from Porch Pirates

As noted, porch piracy is on the rise. Some of these crimes are carried out by organised criminals, but many are simply perpetrated by opportunistic criminals who might even be nearby neighbours.

Catching criminals who steal packages from doorsteps and porchways can be very tricky. Video doorbells, that record whoever approaches the doorway, are a very powerful deterrent and can also be helpful to the police in the event of a theft. Other valuable home security enhancements include the installation of motion-activated lighting, CCTV systems and lockable parcel delivery boxes.

Establishing alternative delivery management strategies can avoid losing valuable items to thieves. Items might be left in the care of neighbours, rather than left outside. And providing a secure, concealed location for parcel deliveries means there is nothing on display that might otherwise encourage an opportunistic thief. If possible, request deliveries on days when there will be somebody at home and make certain all delivery people are aware of where parcels can be securely left, without risk of them being seen from the road.

If you are the victim of parcel theft it is important to report the crime to the police. It can also be beneficial to contact the supplier of the lost item as they can sometimes help. Something to avoid is implementing booby traps as these can potentially get the occupier into more serious trouble.

How to Avoid Online Shopping Fraud

To avoid online shopping fraud its worth sticking to known and trusted suppliers, whenever possible. Online sellers who are unfamiliar should always be thoroughly researched before handing over any personal details. Check the sellers online reviews, their company credentials along with their social media accounts and always be skeptical of any offers that appear to be too-good-to-be true. 

Before carrying out any transaction with an online seller its worth checking their website is using https:// and there is a padlock icon in the website address bar. Make sure the site offers a variety of payment options including secure payment gateways like Paypal. Use credit cards or reliable, trusted platforms to make payments as these offer the best fraud prevention.

When creating accounts with online sellers only ever provide the most basic, essential information. Use a strong, unique password for every account and always enable 2FA (two factor authentication). Avoid using public wifi connections when making transactions or logging into accounts and take extra care of your primary email account as this is often used to gain access to other accounts. 

How to Protect Yourself from Phishing

Avoiding phishing, smishing and quishing scams starts with being highly aware of what these are and how they are carried out.

Avoiding phishing scams requires vigilance when dealing with all communications. The most important bottom line rule is to never provide any personal or financial information in response to unsolicited messages. Being hyper-vigilant and looking out for tell-tale signs of phishing attempts will help ensure personal accounts remain safe.

Never open email messages from unknown sources and lookout for suspicious looking email senders who might exploit mis-spelled brand names in an attempt to look legitimate. Lookout for mis-spellings and poor grammar as these are often signs of phishing emails. Be very wary of any emails that prompt you to download something or visit a link as these can potentially be sources of malware. 

Avoiding smishing scams means paying attention to SMS messages and applying the same level of communications vigilance. Avoiding quishing exploits also requires vigilance to make certain only valid QR codes are ever scanned.

How to Avoid Account Takeover Fraud

Account takeover exploits involve gaining access to personal data that’s then used to access various accounts. That’s why its vitally important to use unique, strong passwords for every account and accompany these with passkeys and multi-factor authentication (MFA). 

Remaining highly vigilant of phishing attempts and never clicking on unsolicited links or downloading any untrusted software or attachments is essential. Ensuring all devices are protected with up-to-date anti-malware software is another important precaution. 

Avoid over-sharing personal information via social media as these details can potentially be used by fraudsters to impersonate you. Also, keep a watchful eye on bank accounts and transactions to spot any unauthorised activity. 

How to Avoid Fraudulent Donation Scams

Before making any online charity donation be sure to research the charity, their website and contact details. Use checking resources like Charity Navigator, CharityWatch, or the BBB Wise Giving Alliance to verify legitimacy, financial health, and the specific charity program.

Only ever donate using secure methods such as credit cards and never pay with gift cards, crypto-currency or bank transfer. Be very suspicious of emotional appeals on social media and always carry out thorough research before making any donations. 

What to Do if You Are Targeted

As the crime statistics show, many people will sadly fall victim to various acquisitive crimes over the Christmas period. Here`s some basic guidance on what you can do if you are affected.

Parcel Theft

If delivered parcels appear to have gone missing the first thing to do is use the tracking number to confirm the items were delivered to your address. Many delivery couriers now take photographic records of their deliveries which can be very useful. In the UK the delivery contract is actually with the seller, not the delivery carrier, so its important to contact the seller and let them know that an item that’s marked as “delivered” wasn’t actually received. 

If its suspected the item or items were stolen then the police should be informed. For example, if the delivery courier provides photographic evidence of the delivery, which has subsequently gone missing. A crime reference number, from the police, can help when making a claim from the retailer, insurance provider, courier or finance provider.

Some home insurance policies provide cover for stolen parcels after delivery, so this is worth checking. If the stolen item was purchased using a credit card the Consumer Credit Act 1974 (Section 75) means the credit provider may be able to help. If the item was paid for using a debit card it may be possible to request a “chargeback”.

Phishing Attack

Its important to lookout for signs of phishing attacks and exploitss. These can include unusual and suspicious messages, sometimes prompting you to take urgent action to avoid having an account shut down. Look out for email attachments that were unexpected such as PDF files, documents and compressed Zip files and don’t click on the links as these could install malware. 

Unexpected password reset notifications are a common sign of a phishing attack. Also, lookout for notifications of account login attempts from unusual locations, often sent by Google, Microsoft, Apple and various banks. Receiving these messages can indicate that someone is attempting to access your account(s).

Unusual activity on personal accounts is another sign of a phishing exploit. Look out for social media posts you didn’t make or changes to details such as shipping addresses and payment details on shopping accounts. 

Your anti-virus, anti-malware software may present warnings about malware, unusual downloads, or blocked threats. Many phishing links will attempt to install malware or adware as browser extensions so look out for any new or unusual extensions that you didn’t install. Another sign of an attack is the behaviour and performance of devices. If you notice an unusual slow down in performance, automatic browser redirects, unusual pop-ups appearing on screen or applications opening by themselves, these signs can indicate a malware infection.

If you suspect your device has been targeted it should be disconnected from the internet and subjected to a full anti-virus and anti-malware scan. The internet browser cookies and cache should be fully cleared and all software should be updated to the latest versions, including the operating system. If necessary, seek professional help to completely reset the device to original factory settings.

If an attacker has gained access to personal banking details or shopping account details then the banks and retailers must be contacted immediately. Banks will place a fraud alert on the account and examine account activity to identify and block any fraudulent transactions. Acting quickly when suspicious activity is detected is vitally important.

Updating passwords and enabling two-factor authentication on all accounts is an important precaution. Every account should always use a unique, strong password.

If you have any questions about property security, or if you have any special requirements, remember we are here to help. Give us a call on 01273 092921 and we’ll provide you with free, expert advice.

For more information on Don’t Fall Victim to Christmas Crimes talk to Insight Security