'Tis the Season for Giving – But Don’t Give Your Identity Away This Christmas!

Updated in December 2025.

This year has been jam-packed with all things AI and while most of the developments have ranged from exciting to jaw dropping, AI developments in phishing and scamming have been more alarming than inspiring!  

Attackers are now using large language models to generate grammatically perfect, professionally sounding (and looking) and contextually appropriate emails and text messages. Using publicly available information in social media and in the news, AI can be used to quickly craft messages that are highly specific and incredibly convincing, which has led to massive surge in AI generated phishing attacks.  

In the past, the guidance at this time of the year was to be on the lookout for fake offers and emails, but now the advice is to treat every unsolicited message requesting your personal data, a click on a link or to take urgent action as suspicious, no matter how professional or convincing it looks. If you are not sure, the best way to validate the request is to verify it through a separate, trusted channel. For example, if the email is from a store or business, contact them via phone using a known number via their public contact channels, or if it’s a link, go to the website via your browser directly, rather than by clicking on the link in the email.  

‍

‍The rise of deepfake voice scams – also known as Vishing

One of the most significant and distressing new threats to consumer security, leverages the emotional trust we place in a familiar voice. Voice cloning scams use AI to clone the voice of a family member, friend, or boss from a few seconds of public audio (like a social media video) to then prey on your trusted relationship with that person to elicit some kind of urgent payment or action.  

One example to be wary of is what is referred to as the ‘grandparent scam’ where scammers are calling elderly relatives and play an AI-cloned voice of a grandchild in distress asking for help and urgently requesting money to be transferred to an account.  

When someone you love appears to be in distress it’s very triggering but it’s important to stay alert. Listen for odd pauses in the conversation, you can hang up and call back to their usual mobile number, or try to ask questions to the caller that only the real relative would know, to validate their authenticity. It’s becoming more common for families to agree on a unique, memorable and unguessable ‘safe word’ to use in situations like these.  

‍

Buying online? 

In addition to making sure you are shopping at trusted sites with secure payment systems and reviewing online feedback and ratings for any warning signals, some steps to keep your online accounts secure include:

• Using a different password for each online account – that way, if your password gets compromised, it’s limited to one site only.

• MFA remains a critical defence against credential theft, which is often the first step in an attack. If there is the option, enable two-factor authentication – a second code required to get into your account is a really effective method to keep your account secure.

• Make sure your passwords are hard to guess. Make them long and complicated for someone else to figure out  

• Verify sites before entering payment data and personal information.

• Verify attachments in emails are safe before downloading them.

• Avoid clicking on links. Verify links in emails are from trusted sources.  Go directly to the website to access your account instead.

• Use the banking apps on your mobile device – they have great anti-phishing and scam technology built-in.

‍

Cyber safety while traveling

Be wary of joining public Wi-Fi networks, where possible, use your mobile phone as a hotspot instead.

Another way to reduce the chances of being hacked is by keeping applications on phones and laptops updated to the latest version. This can be achieved by enabling auto-updates where available. Otherwise, manually check that updates are enabled for devices, browsers and other apps. It's also important to download mobile phone apps only from their certified app store, e.g., Google Play or the Apple app store.

Always validate changes to your travel plans via the official airline or hotel app / website to verify rather than via mass media.

‍

‍Keep kids cyber safe in the age of AI

The existing advice to discuss deepfakes and not share personal information online still remain vital conversations to have with your young ones, but it’s important to expand on these to cover AI-driven relationships and voice scams as well.  

• Discuss potential synthetic friend scams: scammers are using Generative AI to create hyper-realistic online profiles, images, and chat responses, sometimes called synthetic identities. Encourage your children to be extremely cautious of new online friends who rapidly try to move conversations to private channels, ask for personal details, or request money.

• As mentioned above, with the threat of AI voice cloning, establishing a secret family ‘safe word’ that your children can use in an emergency and when making urgent requests for money to the family ATM.  

• Reiterate the need to download games and apps only from certified app stores such as the Apple App Store or Google Play store, third-party stores are a major source of malware and should be avoided.

‍

Be prepared, just in case

While we try our best to avoid being compromised, it’s entirely possible that someone you know will fall victim to a cyber-attack these holidays. Here are some recommended actions if the worst happens:

• Monitor bank account and credit card activity over this period to quickly spot any unapproved activities.

• Use the banking apps on your mobile device – they have great anti-phishing and scam technology built-in.

• Contact the Police to let them know if you have been hacked.

• Contact your bank, and they will help you cancel your cards and get new ones and provide you with some other recommendations to recover from the attack.

• Remember to reset your passwords on your compromised accounts, with strong unique passwords, adding two-factor authentication where you can.

Netsafe.org.nz is a good resource for learning more about online safety.

We wish you a very happy and cyber safe Christmas!