Phishing is a problem year-round, but it can be especially dangerous for both in-office and remote workers during the holiday season.
There are a few factors that go into the increased danger. One is that phishing ramps up even more during the holidays. In 2019, phishing increased 400% during the first two weeks of November. Scammers take advantage of many holiday-themed scams that don’t work as well during other times of the year.
Factor two is that people get more emails in general during the holidays, which makes it easier for phishing to hide among legitimate mail and be mistaken for a real message. People usually get more mail in the form of holiday ads, shipping and tracking notices.
The third factor is that people are more distracted during the holidays. They’re thinking about holiday plans, shopping online, and not as focused as usual. This leaves them more vulnerable to falling for a phishing scam.
Using a firewall and filtering can help protect a company’s network from phishing up to a point. However, users are often reading emails on their phone which may not be as protected. Remote workers can also suffer attacks and they’re often outside the normal office firewall.
Because of the human element of phishing, it’s important that Charlotte area businesses take the time to properly educate employees about anti-phishing measures and how to spot the holiday threats that will be coming their way.
Be Aware of These Holiday Phishing Scams
Holiday Party Survey
One scam that hacker’s use during the holidays is to spoof the internal email address of a company (@mycompany.com) to make employees believe that an email about holiday plans is legitimate.
Most people are happy to get a fun break from their day to give their input on how their company celebrates the season, so they may click open an attachment without even thinking.
Just because you recognize an email address in the “From” line of an email doesn’t mean the message is legitimate. Scammers often use email spoofing to fake the sender’s address. It’s always best to double check with someone at your office before trusting an email of this kind.
Fake Order Emails
Fake order emails can come any time of year, but they’re easier to get mixed up with a real order during the holidays when people have been shopping online.
These often look identical to an email from a retailer like Amazon and can easily fool someone into clicking over to a spoofed sign-in page and giving up their login credentials to a thief.
The best way to avoid falling prey to these clever fake order scams is to hover over links to reveal the URL without clicking on it. It’s also a good rule of thumb to check orders by going directly to the retailer’s website and logging in from there, rather than following a website link.
Fake Charity Donation Requests
Charities increase their marketing during the holiday season, and scammers increase their fake charity donation request emails. They will often make them look like a name that’s close to a legitimate charity to fool people and will even put up a fake website.
Once you put in your credit card details to make a donation, they can be stolen and sold on the Dark Web.
It’s best to always donate by visiting a charity site you know. You can also check out charities for legitimacy on a site like CharityWatch.
Holiday Schedule Emails
Everyone seems to be sending their holiday schedules around this time of year. Vendors send them out so customers will know what days they’re closed and can adjust ordering accordingly.
This is another of the phishing scams that you’ll see near the end of the year. Those fake holiday schedules can contain malware and infect an entire network. Remember, even if you recognize the sender’s email address, it doesn’t mean they actually sent the message, it could be phishing.
It’s best to always check with a vendor directly by phone to see if they indeed did send out a holiday schedule and verify that the email is legitimate before opening it.
Bogus Shipment Tracking
It’s easy for scammers to send a fake email from “UPS” or “FedEx” this time of year when tracking notices are naturally hitting inboxes from legitimate orders.
These bogus shipment tracking emails will generally take a user to a malicious site that can inject malware or ransomware into their system as soon as the page loads.
When tracking shipments, always track by going to the shipper’s or retailer’s website directly and not by clicking links from an email. These fakes are often very convincing, so getting in the habit of never tracking by email link is a good way to avoid them.
Get Help With Security Safeguards to Combat Phishing
Rocky Knoll Technologies can help your Charlotte area business with cybersecurity safeguards that can reduce the amount of phishing employees have to deal with.
Contact us today to schedule a free cybersecurity consultation. Call 704.594.7292 or reach us online.
