Back to Newsroom

Don’t Let Krampus Hack Your Information

Margaret Geoghegan

As the holiday festivities unfold, it is the perfect time to create your Wishlist. For most people, this includes home décor, experiences, and other seasonal favorites. However, unlike the average person, Krampus—the anti-Santa Claus—is a criminal whose Wishlist consists of committing fraud, stealing personal information, extortion, and more. In fact, theft and larceny see a 20-30% increase every holiday season according to the National Crime Victimization Survey (NCVS). With criminals leveraging advanced tools and technologies, these crimes have become more sophisticated and harder to detect.

In today’s age of AI, it has never been easier for criminals to achieve their goals. With vast amounts of personal information, money, and access available online, criminals have an increasing number of entry points and vulnerabilities to exploit. Whether it is stealing personal data, committing financial fraud, or manipulating reputations and trust, AI tools streamline these activities. Criminals can use AI to target specific individuals or organizations, creating chaos and disruption during the busiest time of the year. Additionally, the theft of intellectual property and control over critical systems have become more achievable—all made easier through AI-driven technologies that bad actors exploit.

As daunting as this may sound, there are practical steps you can take to protect yourself:

Tips to Safeguard Your Information

  • Data Privacy Best Practices: Understand how your information is being tracked and managed. NEVER share personal information unless absolutely necessary and with verified organizations. Use strong, unique passwords for each account, enable two-factor authentication wherever possible, and be cautious when sharing information online or over the phone. Regularly review and update privacy settings on social media and other platforms to control who can access your data.
  • Don’t Mail Checks: Check fraud is actually on the rise.   If your company is still mailing checks, move to an ACH electronic payment and auto-draws.  This goes for company payments but also your personal payments.  Checks are intercepted in the mail and then new checks are produced with your information.
  • On-line Shopping: Try to use only one credit card and one separate email address for all your on-line shopping.  This isolates any potential future theft and allows you to easily track it down and put a stop to it.  It also keeps your regular email free of advertising and offers by isolating your on-line shopping to one email account.
  • “Want to go golfing?”: Avoid engaging with bizarre random text messages.  A common scam is sending random text messages to engage with you socially.  The person/criminal sending you the text already has your cell phone number, so now they are trying to engage with you in conversation to learn more about you.  Typically elderly people living alone fall most victim to this scam.  The best action is block and delete and don’t respond.  Otherwise through social engineering the person on the other end will continually try to engage with you on future texts to begin building a profile of information about you.  For example, “I found your dog!” or “I got pictures of your kids recital!’,  how much more creepy can it get.  But they are just trying to elicit a reaction and get you to engage and give up more information know many people’s passwords are their pet or children’s names.
  • Robust Verification System: A robust verification system goes beyond two-factor authentication. Use secure methods for confirming identities, such as a safe word or personalized security questions only you would know. For instance, you might ask, “What baseball team did my great-grandpa play for?” This extra layer of security ensures only authorized individuals can access sensitive information. It is also helpful when dealing with someone whose identity you are unsure of, providing an added level of assurance before sharing personal details or trusting them.
  • DIY Verification: When someone sends you a link or phone number, DO NOT click on it or dial it directly. Instead, verify it yourself. If it is a link, search for the information on a trusted platform to confirm its legitimacy. If it is a phone number, call the official number of the organization or person directly not the one you received in the email. This simple step can protect you from scams and phishing attempts.
  • Fake Password Verification: If you receive a random pop-up asking you to verify your Microsoft, Google, or Apple Password and you are not sure if it is real, then put in the wrong password and see if it rejects it or if the pop-up window disappears.   The criminal will not know your actual password so if you put in the wrong password and the pop-up window disappears and “accepts it” then it was a scam and it was merely trying to collect whatever you typed in.
  • The Found USB: If you found a piece of wrapped candy on the sidewalk, would you unwrap it an put it in your mouth?  Of course not!  Hence if you find a USB drive, don’t be curious and insert it into your computer.  One method of hacking into company systems is randomly placing infected USB drives in the parking lot of a company. Like a Trojan Horse, once you let it in, it will begin to unleash its contents.
  • Stick to the Familiar: Avoid using unfamiliar or public Wi-Fi networks, as they can expose your devices to potential security risks. The same caution applies to websites and apps—only visit secure and trustworthy sites. Look for “https” in the URL, and ensure apps are downloaded from verified sources before entering any personal information.

This holiday season do not let criminals like Krampus check anything off their Wishlist. The only thing Krampus deserves is coal. At Sagin LLC, we are here to ensure that happens. Across various industries, ranging from small startups to mid-size organizations—we work tirelessly to identify vulnerabilities, strengthen cybersecurity measures, and educate teams on best practices to safeguard against emerging threats. By leveraging cutting-edge technology and expertise, we ensure that you and your business remain protected. Let us help you stay ahead of the curve so that Krampus and other criminals get nothing but coal in their stockings this year.

Sagin, LLC is a management consulting and IT managed services firm which provides full service 24/7 support to organizations including help desk, infrastructure, server/cloud management, data security risk mitigation, strategic planning and specializing in non-profits. For more information about an independent assessment protecting your organization or how to better manage IT costs, you can contact us at: info@saginllc.com or visit us at: www.saginllc.com or +1.312.281.0290.

Stay connected with us. Join our mailing list.

  • This field is for validation purposes and should be left unchanged.