Phishing is a year-round activity for cyber criminals, and just like retailers, they take advantage of seasonal events.
When fall hits and the holidays are just around the corner, there are certain types of phishing scams that begin hitting inboxes with a vengeance. Knowing what these are can help you avoid becoming a victim and experiencing an expensive cybersecurity incident.
Phishing and resulting data breaches and malware infections can be very costly for businesses in Denton and Wise counties. The average cost of a cyberattack to a UK business is £1,410.
43% of cyberattacks target small businesses, yet only 14% of those firms are prepared with the proper safeguards.
Because phishing is the most popular delivery method for all types of attacks (ransomware, fileless malware, credential theft, etc.) it should be a number one priority for your company.
This means putting safeguards in place to combat phishing, such as:
- Employee phishing awareness training
- Anti-phishing email filtering
- Managed IT services
- DNS filtering to block dangerous websites
Get Out Ahead of Seasonal Phishing Emails
Get out ahead of the scammers and give your employees a much better chance at spotting fake emails in their inboxes. Here are several seasonal phishing scams to have them watch out for.
Fake Shipping Notices
Online ordering is about to increase significantly as we approach the holiday buying season. Phishing scammers often send out fake shipping notices from emails spoofed to look like they’re from FedEx or UPS.
Users may be expecting a shipping notice from a legitimate purchase and get confused when a good-looking fake comes through.
One way to avoid being scammed is to hover over links without clicking to see if it looks legitimate.
A better method is to not use email links to check on shipment tracking at all. Instead go directly to either the shipper’s site to look up a tracking number or go to the purchase site to login and see order tracking.
Scam Amazon Orders
Another holiday scam is the fake order email from “Amazon.” It’s designed to elicit a “Did I order that?” or “I didn’t order anything!” emotional response in hopes that the person will click over to the malicious website without thinking.
It’s important for employees to know that these phishing scams often come personalized and may include their name and company name on them.
The same safety rules apply, hover over links and go directly to websites to check orders rather than clicking an email link.
The Gift Card Text Scam
This next phishing scam is usually done via text message but can also be done by email.
The victim receives a message that goes something like this: “Jan, I completely forgot to have you get customer appreciation gift cards. I’m on customer visits and need 5 x £200 gift cards right away. Please purchase and send me the numbers. You’ll get reimbursed when I’m back. Note: I’ll be out of reach in meetings for the next 2 hours and need these before then.”
The scammer will look up a manager’s name on a site like LinkedIn and use that as the purported sender.
Employees will often be afraid of not doing as directed and fall victim to this scam. The urgency is used purposely to have the victim act before they can verify anything.
If you see something like this, ALWAYS verify it’s real before you act. Use the contact information that you have for the manager, not the number or email address from the request.
Fake Charity Requests
Unfortunately, phishing criminals have no shame, and they’ll often increase the number of fake charity emails they send out, knowing that people tend to feel more generous during the holiday season.
Never respond directly to a request in your inbox. Instead, if you want to give, do it through a legitimate charity on their website, by mail, or in person.
Stimulus Money Scams
One phishing scam, of many, that is specific to the pandemic is related to promises of stimulus money from the government. These scams may send the victim to a form that is designed to capture sensitive information like a Social Security Number.
It can also contain a file attachment the user is asked to fill out to “make sure they get their stimulus money.” Only, the file attachment contains malware.
Holiday Party Information Scams
Another way that phishing attackers try to trick someone into clicking a malicious link is to promise them something great in return, like information on the office holiday party.
Watch out for any unusual emails asking to give your input on a holiday party or that promise you details on what to bring, etc. It’s always best to confirm directly with a real person in your office and avoid interacting in any way with an unexpected email.
Note: Scammers often spoof email addresses, so just because an email looks like it’s coming from inside your company, doesn’t mean it is.
Is Your Office Prepared for Phishing, Malware, and Other Attacks?
Don’t leave your office unprotected and vulnerable to phishing attacks. Tuned IT can help you put the protections in place you need to stay safe.
Contact us today to learn more! Call 0191 662 0023 or reach out online.