Here we are in December. Another semester and year are ending. We are all busy with holiday preparations, parties, and, of course, finals! As the Chief Information Security Officer (CISO) at Chapman, I feel it’s my responsibility to assist in trying to keep everyone in the Chapman community cyber-safe during this festive season. Here is a little “Cyber Santa Story” to get the season off to a cyber-secure start.

Cyber Santa

Ah, the holiday season! A time for joy, giving, and… cyber criminals? Yes, you read that right. This year, it seems even Santa Claus isn’t safe from being impersonated by those pesky cyber crooks. So, gather ’round the virtual fireplace as I tell the tale of the Cyber Santa Ho-Ho-Hoax!

The Setup

It all started with an innocent-looking email. The subject line read, “Santa’s Special Gift Just for You!” Who could resist? After all, it’s from Santa! The email was adorned with festive graphics, twinkling lights, and a jolly old Saint Nick himself. But beware, dear reader, for this Santa had a sinister plan.

The Ho-Ho-Hoax

Our cybercriminal, let’s call him “Scammer Claus,” had crafted the perfect holiday trap. The email promised exclusive access to Santa’s Naughty or Nice list, personalized holiday greetings, and even a chance to win a lifetime supply of candy canes. All you had to do was click the link and enter your personal information. Easy, right?

Wrong! The moment you clicked that link, you were whisked away to a fake North Pole website, complete with a countdown to Christmas and a form asking for your name, address, credit card number, and even your social security number. Because, you know, Santa needs to verify your identity before sending those gifts.

The Fallout

Little did the victims know that Scammer Claus was collecting their information faster than Rudolph flying around the world on Christmas Eve. Credit card details were sold on the dark web, personal information was used for identity theft, and the only thing people received was a lump of coal in their bank accounts.

This is a fun picture, showing "Scammer Santa" taking arrest pictures for stealing data!

The Moral of the Story

You CAN avoid falling for the Cyber Santa Ho-Ho-Hoax! Here are a few tips: 

  • Check the Sender: Make sure the email is from a legitimate source. Santa doesn’t use Gmail, folks.
  • Look for Red Flags: Spelling errors, generic greetings, urgency in taking action, and requests for sensitive information are all signs of a scam.
  • Verify the Website: Before entering any information, ensure the website is secure and legitimate. Look for “https” and a padlock icon in the address bar.
  • Trust Your Gut: If it sounds too good to be true, it probably is. Santa doesn’t need your social security number to deliver presents.

Stay safe this holiday season, and remember: the real Santa would never ask for your credit card details, and Chapman IS&T never asks for your password. Happy holidays, and may your inbox be merry and scam-free! 

 

As always, 

Stay safe, stay vigilant! 

Keith Barros 

Chief Information Security Officer (CISO)