As if there wasn’t enough phishing to deal with related to the pandemic, inboxes are about to get flooded with a bunch more, themed to the holiday season. During last year’s holiday season, phishing attacks increased 400% in the first week of November alone.
It’s easy to fall for holiday scams because people are busy with seasonal activities, one of which is online holiday shopping. People are used to receiving an increased amount of email, including shipping notices, holiday promotion emails, order receipts, and charitable donation requests during this time.
In fact, cybercriminals take advantage of all those types of seasonal emails by spoofing them and inserting their own malicious links and attachments.
These holiday phishing scams increase the danger to business networks, because employees often check personal email while at work. They may also be getting these scams sent directly to their work email, purporting to be a business purchase, such as the phishing example below.
What’s the Best Defense Against Holiday Phishing Attacks?
It’s best to take a layered strategy when defending against phishing attacks. This includes:
- Training employees to be aware of the latest phishing scams they may see
- Conducting continuous IT security training throughout the year
- Putting anti-malware and other threat protection in place on your network
- Using DNS filtering to block dangerous websites
- Using email spam/phishing filtering to block unwanted email
Employee awareness is one of the most important safeguards when it comes to phishing emails, because employees are the target of these scams. Providing consistent employee security awareness training has been shown to reduce the risk of a cybersecurity incident by 40-50%.
Watch Out for These Holiday Phishing Emails
Fake Order Receipt
Phishing scammers will send fake order receipt emails that look like they’re from well-known retailers. The goal is to have a person react emotionally, either because they didn’t place the order and are angry and want to resolve the mistake, or because they’re curious and want to see what they may have ordered.
Either way, the order link provided will typically send the user to a fake sign-in form designed to steal login credentials or a malware-laden website.
Spoofed Shipment Tracking
Online holiday purchases mean order tracking notices come in at a higher rate than the rest of the year. Scammers take advantage of this by sending phishing emails designed to look like they’re from a company such as UPS.
The link will take the user to a malicious site that can download ransomware, spyware, or another type of malware.
Charitable Contribution Scam
Charities often take advantage of the giving spirit of the holiday season to increase their outreach efforts. Phishing scammers send out fake donation requests with heartfelt images to try to get someone to not only give them money, but also to give them their credit card details.
If employees or companies want to donate, it’s always best to do it through a reputable organisation and by going directly to their site, not through an email link.
Gift Card Phishing Scam
One of the more sophisticated scams is designed to impersonate an employee in a position of power at an organisation, such as a manager or supervisor.
Scammers can easily find this information on a corporate website or a social site like LinkedIn.
They send an email purporting to be from the manager to a lower-level employee. It will say something like this:
“I completely forgot to have you buy gift cards for our top clients, and I have outreach visits to them this afternoon. I’m in meetings all morning and unreachable. I need you to purchase 10 x $100 gift card and email me the numbers so I can have those for my visits. I’ll reimburse you as soon as I’m back.”
This scam is designed to take advantage of an employee’s desire to please the person in power. The scam uses the ploy that the sender will be “unreachable” to dissuade the recipient from calling to ask any questions.
Once the card numbers are sent, they’re immediately used, and the employee or company is out the money. This scam is also sometimes done by text message.
Employees should always contact the person using the contact details they have on file for them if they receive an unusual request like this.
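The indicators described above (a manager's name on an outside address, a gift card request, the "unreachable" excuse, a request to email the card numbers) can also be checked by a mail filter. The following Python sketch is an added example, not part of the original article; the company domain, manager names and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this sketch: the organisation's mail domain and the
# display names of staff whose authority a scammer might borrow.
COMPANY_DOMAIN = "example.com"
MANAGERS = {"dana reyes", "sam okafor"}

# Body cues taken from the scam wording quoted above.
CUES = {
    "gift_card": re.compile(r"\bgift\s*cards?\b", re.I),
    "unreachable": re.compile(r"\b(unreachable|in (a )?meetings?)\b", re.I),
    "send_codes": re.compile(r"\b(email|send|text)\s+me\s+the\s+(numbers?|codes?)\b", re.I),
    "reimburse": re.compile(r"\breimburse\b", re.I),
}

def gift_card_scam_flags(raw_email: str) -> list:
    """Return the indicators found in one plain-text RFC 5322 message."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    # A manager's display name on an address outside the company domain.
    if name.strip().lower() in MANAGERS and domain != COMPANY_DOMAIN:
        flags.append("manager_name_external_sender")
    # Replies routed to a different domain than the visible sender's.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != domain:
        flags.append("reply_to_domain_mismatch")
    body = "" if msg.is_multipart() else msg.get_payload()
    flags += [cue for cue, rx in CUES.items() if rx.search(body)]
    return flags

def should_quarantine(raw_email: str) -> bool:
    """Hold for review: a gift card request plus any second indicator."""
    flags = gift_card_scam_flags(raw_email)
    return "gift_card" in flags and len(flags) >= 2

# Constructed sample messages (not real mail).
SCAM = """From: Dana Reyes <dana.reyes@example.net>
Subject: Quick favour

I'm in meetings all morning and unreachable. I need you to purchase
10 x $100 gift card and email me the numbers. I'll reimburse you.
"""
BENIGN = """From: Sam Okafor <sam.okafor@example.com>
Subject: Client gifts

Finance has approved gift cards for top clients; please raise a PO.
"""
```

A message held this way still needs the human step above: confirming with the manager through contact details already on file.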
Fake Holiday Sales & Promotions
When you see a rock-bottom price on a new iPhone 12 or another gadget you’ve been wanting to buy, it can be hard to resist checking it out to see if it’s legitimate.
Unfortunately, this often leads to people clicking fake holiday sale emails and being taken to sites that do drive-by downloads of malware.
It’s important to be hypervigilant during the holiday season and to avoid clicking links in emails whenever possible. If the sale is from a legitimate retailer, going to their website directly should show the same sale and be safer than clicking a link.
Does Your Brisbane Business Have DNS Filtering In Place?
One way to mitigate the risk of an employee clicking on a phishing link is to use DNS filtering to block malicious sites. Connected Platforms can put this, along with other important phishing protections, in place for you.
Contact us today for a free consultation. Call 1300 866 096 or book a coffee meeting online.