
How The Cyber-Grinch May Steal Christmas: What to Look Out For


As the festive season approaches, Australians should be cautious of hackers looking to steal both Christmas joy and money.

Andrew Hastie MP, Assistant Minister for Defence, has warned Australians to be aware of Christmas grinches who attempt to steal money and personal information through online shopping fraud.

“We all love browsing online for a bargain and it’s a convenient way for many of us to do our Christmas shopping at this time of year, but if you are not alert you could get taken in by fraudulent deals,” Assistant Minister for Defence Hastie said.

According to the Australian Retailers Association and Roy Morgan, Australians are expected to spend more than $58 billion on pre-Christmas shopping, with internet sales accounting for a sizable share.

Australians cannot afford to be complacent, with those aged 25-45 accounting for nearly half of all online retail scam victims.

“Last financial year the Australian Cyber Security Centre (ACSC) received over 11,000 reports of online shopping cybercrime, making up about 17% of all reports to the ACSC’s ReportCyber during this period – and one cybercrime was reported every eight minutes.”

“If an online deal seems too good to be true – it probably is.”

For individuals | How to Stay Cyber-Safe This Christmas:

Be Wary of Holiday e-Cards:

The Cyber-Grinch has been known to deliver malware-infected Christmas e-cards. When you click on a link, your computer gets transformed into a Grinch-bot!

News Headlines for the Holidays or the End of the Year:

‘Tis the season to be duped by an email that appears to be from a friend or a big news outlet. You click on the too-good-to-be-true sale, and you’re infected with malware!

Fake Banking Emails:

Is your bank really sending you a special Christmas present if you click on a link and “confirm” your username, password, and account numbers this season? Hmm, don’t think so.

The Christmas Phish:

This isn’t the tasty fish that many Europeans serve at Christmas. It’s a unique “phish” created just for you. It aims to persuade you to fill in the blanks with all your private information! It can arrive as a fake email from Amazon, Australia Post or others.

The Christmas Charity Scam:

No, the Cyber-Grinch isn’t raising funds for Cindy Lou this year. If you get an email from a charity you’ve never done business with (even if you’ve heard of them), don’t assume it’s legitimate. Legitimate charities will not send emails to clients who have not previously consented and subscribed to their mailing lists.

Amazon Ads:

Do you shop at Amazon? Be wary of fake emails claiming to be from Amazon informing you that your item has been delayed due to incorrect delivery information. These hackers want you to click on the link and submit your personal contact information and credit card details.

Free Wi-Fi:

After a long day of shopping, all you want to do is relax for five minutes, drink a cup of coffee, and surf the web. And then you notice a business with free Wi-Fi. What you don’t realise is that the security on this “free Wi-Fi” is non-existent, and the Cyber-Grinch is lurking around, waiting to steal your information.

For businesses | Act within your organisation:

  • Use and enforce multi-factor authentication for remote access and administrative accounts.
  • Require secure passwords, and ensure they are not reused across accounts.
  • Determine which IT security personnel are available on weekends and holidays in the event of an incident or ransomware attack.
  • If you use Remote Desktop Protocol (RDP) or any other potentially dangerous service, make sure it is secure and well monitored.
  • Remind staff not to click on questionable links, and hold awareness drills to reduce the risk of human error. According to Lookout, a single session of anti-phishing training resulted in 50% fewer clicks on phishing URLs over the next 12 months.

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.

