The holiday season is a difficult time to enforce information security best practices. Employees get distracted by holiday shopping and activities, and holiday leave can cause gaps in regular training. Unfortunately, the period between Thanksgiving and Christmas is also one of the busiest times for cyber criminals, especially when it comes to phishing.
Increased email volume combined with time off around the holidays can create a perfect storm for phishing attacks. A full inbox can lead to hurried decisions and poor choices when it comes to link-clicking — at home and at work. Even if your training regimen slows down in November and December, you can help keep employees safe from the most common phishing threats by passing along information in this post.
Hackers take advantage of consumers by promising great deals and counting on shoppers’ tendencies to relinquish common sense for the sake of a bargain. There are two major categories of retail-oriented phishing attacks:
More sophisticated: Some hackers will pose as real companies, either by hacking the company or simply by borrowing their branding and a similar URL.
Less sophisticated: These attacks come from made-up brands or retailers with an amazing, time-sensitive deal
Both types of attack encourage clicking and lead to bogus sites that may request personal or credit card information, or install dangerous malware on the user’s computer.
Helping Employees Tell the Difference
The good news is that these personal phishing attacks can be detected with the same cyber hygiene practices as workplace attacks. Recipients just need to slow down and think before they click. Here are some classic telltale signs:
Suspicious domain names. If a phishing email is mimicking a real company, the domain might be misspelled or slightly altered. Roll over the sender’s email address to see the originating domain and compare it to the known domain of the company.
Lack of contact information. Phishing emails often don’t contain contact information or the fine print you would expect in a legitimate message. Even good fakes will likely be missing something. Look carefully, and delete any email that doesn’t give you adequate information about what it’s for or who it’s coming from.
Urgency. Phishing emails usually demand immediate action from recipients and create a sense of urgency or threaten dire consequences. If the email is threatening or withholds information about the deal’s timeframe, that’s a bad sign.
Too good to be true. If the deal is over the top, or even just feels unlikely, be wary. While many companies do offer legitimate deals during the holidays, hackers utilize this technique to encourage clicks.
In general, verify the information in any email outside of the email itself. Visit the established company website and look for the deal there. If you’re not familiar with the company, search for it online and see whether it’s a legit business.
Retail scams are not the only type of phishing email you or your employees might receive this time of year. Hackers also take advantage of a generous holiday spirit to reel in unsuspecting victims. According to CNBC, scammers are using phishing emails to con users into giving money to phony charities. As with other phishing emails, independently verify the so-called charity rather than clicking the link in the email. Be similarly careful if you receive an email from FedEx or UPS: those could also be scams, promising shipping information or updates if you click an embedded link.
The hectic holidays are not the time to stop using good cyber sense, no matter how stressed you may be or how good the deal seems. Taking the time to spot the phish could keep you from getting into some big holiday trouble. You’ll probably find that it’s worth it.
Contact a GLS representative to learn more about courses we offer on personal cybersecurity and how you can keep your employees safe from online threats at home and at work.