Advent candles on our wreaths are slowly but surely starting to light up - Christmas is coming! The following month is often used to prepare for the Christmas holidays, but it also gives space to slow down after the past year and find peace. The Cybersecurity Team of Masaryk University has prepared an Advent wreath for you for this season. It will shed some light on one topic every week that may be useful for you in pre-Christmas. We will look at what traps cyber attackers can prepare for us during this time - you guessed it right, they're not sleeping. Instead of resting, they reveal places and situations in which we are especially vulnerable when buying gifts and decorating trees. However, it will not only be about pre-Christmas cyber threats. We will also get to other topics. For example, how cookies (not Christmas ones) can interfere with your privacy. If you think it doesn't make sense, follow us, and we'll shed some light on it. :-)
Do you buy gifts online well in advance, or leave it to the last minute? For most people, online shopping is much more convenient than endlessly browsing the malls. E-shops often offer products at much better prices, so why not take advantage of it?
But especially during Christmas, online shopping can be risky for heedless customers. The Internet is full of fraudulent e-shops. Spam and phishing messages arrive in the e-mail inbox with fake discounts, favorable loans for gifts, or requests for payment of postage for a package waiting at the post office. The attackers aim to lure as much personal and sensitive information from people as possible. This also includes login data to various accounts (for example, online banking).
But what to look out for in the flood of Christmas attractions? Fortunately for us, fraudulent e-shops often show similar features:
Significantly lower prices than competitors - too good to be true
Very attractive prices of branded products and discounts are typical for fraudulent websites. Merchants offer these items at a discount of up to 80%. In such cases, these are probably not real pieces, or the seller doesn’t have these products available at all. Here it is advisable to look for the price range in which the product is on the websites of well-known sellers.
URL address
Perhaps at first glance, the URL address looks like the address of a legitimate website. But if we pay a little more attention to this detail, we can notice an almost imperceptible confusion of two letters, the absence of a letter, the different placement of a dot, etc. Attackers rely on our carelessness, inattention, and the possibility of a typo when entering the address manually. A simple check of the URL address will help you avoid fraud and hassles connected with a possible refund.
Grammatical errors in the text
Because the attackers are often from abroad, they rely on machine translation of entire continuous texts. But it is not perfect, which is why after reading it, the sentences may seem incomprehensible with many grammatical errors. In the case of the Czech language, the clues are typical Czech letters with diacritical marks, the use of i/y, or inappropriate punctuation.
Missing terms and conditions and contact details
Merchants intend to provide customers with the most user-friendly experience possible if a problem occurs during an order. Missing information or vice versa, very complicated and incomprehensible conditions is a big red flag suggesting this is not a fair trade.
Untraceable reviews
One of the indicators of a reliable e-shop are positive customer reviews or ratings on comparison websites. If the visited store has no reviews, it may not have sent any shipment yet or does not want to publish negative reviews. Also, remember that the seller can also write excellent reviews.
If you hesitate to order from a domestic e-shop because you are unsure whether it is a fraud, you can verify the seller on the website of the Czech Trade Inspection. Just scroll down, and put the name in the search box under “Hledat:”, which means to search in Czech. You can also check the website's security in Google Transparency Report.
And what to do if you have already purchased something on a questionable website? Do not hesitate to report the incident to the Police of the Czech Republic. We also recommend you contact your bank with a request for a transaction complaint.
Just as Santa or Jesus can see if children misbehave during the year and knows which gifts they grind their teeth on, website operators know what we are looking at and which Christmas gifts caught our attention on their website. One of the ways they get this information is through cookies, which we all know very well as annoying texts that pop up in the window when you first visit a website. But what exactly are they, and what are they used for?
Cookies are short text files sent by visited websites to the browser. It stores them on the user's device, and thus cookies uniquely identify your browser or device. These files can also be stored by other pages whose element (image, map, etc.) is on the displayed page. When you revisit the web, they are sent back to the server to make your next visit more pleasant. The consequence is, for example, that the site remembers the settings you chose yourself last time. There are several types of cookie files. For instance, they are divided according to their duration into seasonal cookies, which are deleted when the window is closed, and persistent cookies, which remain in the browser for a certain period.
The main groups are technical and profile cookies. Technical ones are necessary for the website's proper operation, and their storage does not require our consent. Examples of technical cookies are functional cookies that monitor set preferences (language, font, etc.) and analytical files recording summary data such as the number of users and their interaction with the website. Based on those, better functional elements are created. Profile files display and send personalized advertisements based on the created user profile. But they are also used to ignore ads, limit the number of impressions of a single ad, and measure effectiveness. However, this type of cookie can interfere with the user's privacy in a certain way. Therefore, according to European legislation, the operator must inform the user about their use and ask for their consent.
What, for one, can be an advantage without which they can no longer imagine surfing, for another, can be an unpleasant invasion of privacy. Thanks to cookies, we are shown more relevant search results, recommendations, personalized content (e.g., YouTube), and advertising corresponding to our interests. However, this data is linked to a specific user. Therefore, together with other data, it creates a digital trail, which results in a loss of anonymity.
The good news is that you can usually enable or disable cookies, delete existing saved files, or change preferences for individual websites in the browser settings. So it's up to us whether we make a path out of crumbs for Santa or rather play „hide and seek“.
If you want to change your cookies settings and you use one of the browsers listed below, you can use one of the following instructions for this:
Google Chrome
Safari
Microsoft Edge
Mozilla Firefox
And if you want to go even further and decide to minimize your digital footprint, you can explore options to delete your old, unused, or deactivated accounts, try:
ACCOUNTKILLER.COM or justdelete.me
Are you in a hustle before Christmas? However, this is the time when you should stay alert. Because all of us can become the target of one of the emerging scams during this Christmas period. There are many of those who take advantage of our busyness and distraction. In short, during this time, it's easier to make a mistake, one that can ruin the entire holiday.
Be wary of fake messages
It is a good idea to think a little more carefully about every message during this period. For example, we may receive a notification about an unclaimed shipment or a warning that it is necessary to pay the shipping fee immediately. A message formulated in this way may seem credible at first glance, but in reality, it is a fake message that usually aims to lure money from us.
Scams from bazaars
They pretend to be interested in our goods, which they want to buy immediately. Everything looks great. Maybe too much. The only problem is the fact that the applicant is from far away. They will ask us to send the package through a courier that looks like an established shipping company. The fraud itself is that the page is fake, and the fraudster can very quickly lure various personal and sensitive information from us.
They will send us a link, which usually contains an abbreviation of a known shipping company, but it is not its actual address. For example, in the detected frauds, the fraudsters sent an address in the form of pd-cz.order.5231.biz, but the correct address of DPD is www.dpd.com/cz/cs.
After clicking on the fraudulent link, we are shown the sale summary. Everything looks correct. The fraudster's goal is to obtain information about our payment card or direct access to internet banking. Therefore, everything on the page leads to that goal. We can find there an offer of payment methods that is indistinguishable from those on trusted e-shops, as well as a smartly programmed chatbot from supposed customer support, which fraudsters refer to in the case of our objections to the payment method.
Christmas loans
Planning a loan for Christmas gifts? Scammers are taking advantage of that — offering what seems like an irresistibly good deal, wrapped in cute paper with Christmas patterns and a big festive bow. They promise that the loan will, of course, be processed easily and almost instantly, while next to the “Apply Now” button, the seconds symbolically tick down to Christmas Eve.
Only in small text at the bottom of the page can we find that the maximum APR is approximately 13713,7 %. Regardless of the fees hidden in the contract, which many of us do not read carefully. The amount that a person repays can then be much higher than the loaned sum. It may therefore happen that we would be repaying such a loan also next Christmas. That's why it is a good idea to consider whether you would rather enjoy a relaxing holiday without debt and with symbolic gifts than a holiday with debt that exceeds the value of the purchased gifts.
Just a moment of inattention, and we may lose a lot. It is, therefore, essential to be particularly careful in this pre-Christmas period. It pays off to check more carefully the offers, links, and the meaningfulness of the requests made to us through e-mails and SMS messages.
We have been protecting the cyber environment of Masaryk University for 16 years. Every year we encounter a lot of events that are interesting but also alarming. We always learn something while solving them. This year we also want to share some of this information with you.
The Weakness of One-Time Verification Codes
Multi-factor authentication is an important step toward securing your accounts, but not all methods are equally effective. One-time codes do provide extra protection, but attackers can steal them through phishing — for example, by tricking you into entering the code on a fake website. That’s why we recommend using a software security key. It automatically verifies that you’re logging in to the legitimate service and cannot be used on fraudulent sites. Signing in is quick and convenient — just a click, a fingerprint, or facial recognition. Although the method has some limitations, these can be overcome by using a password manager that stores your security key and allows its use on devices without biometric login. Learn more here.
DeepSeek and the Risks of AI Tools in 2025
In 2025, it became clear that DeepSeek’s AI tools could pose serious risks. User inputs and device information are stored on servers in China, with no transparency about how long the data is kept or whether it is deleted. Available reports indicate that the data is transferred to servers operated by Huawei and China Mobile — companies sanctioned by Czech Republic partners. In January of the same year, millions of records were leaked, including conversations and login credentials. These incidents highlight why using DeepSeek in sensitive academic environments is risky and why safer alternatives should be preferred. Learn more here.
Infostealers – a Silent but Dangerous Threat
Infostealers are a type of spyware malware that spread through infected links, fake software download pages, or phishing emails. They can steal login credentials, payment details, emails, documents, app keys, and other sensitive data. In addition, they may record keystrokes, mine cryptocurrencies, display unwanted ads, or allow remote control of your device. One of the most notorious examples is Lumma Stealer, which uses fake CAPTCHA pages to install malicious code and can even bypass antivirus protection. Prevention is key — use antivirus software, a password manager, multi-factor authentication, trusted download sources, keep your system updated, and watch for suspicious activity on your accounts. Learn more here.
The year 2025 in numbers
However, much more has happened – check the specific numbers.
Total count of incidents in 2025
Automatic detection of attacks/scans
Resolved incidents
Phishing attacks
Copyright infringement
Malware attacks
Sextortion blackmail
Compromised accounts
Spear-phishing attacks
Compromised devices
What is the takeaway from this article?
Cyber attacks are real and can affect all of us. Let's be cautious, educate ourselves, and if necessary, don't hesitate to contact CSIRT-MU – The Cybersecurity Team of Masaryk University.