With November already here and holiday shopping underway in many households, beware the lurking scams that hackers and cybercriminals are scheming this holiday season to lure you to either giving them access to your organization’s network and allowing them to steal sensitive information or unknowingly giving them access to hard earned dollars.
The fact is that cybercrime is evolving
Cyber criminals are attending school to up their game this holiday season. Several dubious websites are offering training courses on how to effectively steal credentials and digital assets from unsuspecting victims.
In fact, cybercriminal masterminds are selling courses for others that want to learn the most up-to-date methods of hacking into networks. Some of those masterminds are also offering cybercrime kits to kick start effective holiday campaigns.
Advertising with names like the University of Anonymous Cybersecurity, these criminals are reaching out to anyone interested in getting into cybercrime and giving them the training and tools to successfully breach your organization’s network and steal sensitive information (think bank accounts, Social Security Numbers, medical records, and other valuable personal information).
What’s worrying? Some criminals are offering courses and materials for as little a buck. For a single dollar, criminals are getting trained by expert cybercriminals who are looking for recruits and underlings to implement campaigns that have proven success at targeting organizations large and small. These experts are training new criminals on methods to detect and exploit network vulnerabilities. [Note: if you aren’t sure where your organization’s cybersecurity ranks, security experts recommend getting an expert opinion, a network security assessment].
Where ever you think your organization falls in cybersecurity, the bottom line is criminals are hungrier than ever to steal from you and are finding very effective ways to detect networks where vulnerabilities persist.
To that end, we want you to be on the lookout this season for criminal activity and have a few examples of some very common scams that have started to pop up in the cyber world.
Infected Websites—criminals have been hacking into and infecting websites to spread their viruses onto your networked devices. One of the easiest ways for criminals to compromise your network is by luring people on your staff to websites that either have been compromised or are malicious lookalike sites to legitimate ones your team commonly uses.
Phishing Campaigns—the holidays are one of the best times to steal information or money from your users. Scammers have perfected their English, are doing their homework finding out personal information about you and your teams on social media and are getting teams to click on links or open attachments. They are also sending emotional emails asking for donations or linking to malicious sites spoofed to look like charities. Reinforce with each and every team member to be skeptical of unexpected requests—especially as we finish out Q4.
Stolen shopping carts—on top of just hacking into or creating malicious sites to lure your users, criminals have found ways to maliciously penetrate online shopping carts. Particularly around the holiday season, criminals target major retail sites. If you are shopping online, be vigilant and make sure your credit card information hasn’t been stolen (check your account balances regularly).
In addition to making sure your staff understands their risks online this holiday season, there are some additional steps your organization can put into place to ensure you network is secure as criminals gear up with big end of the year cyberattacks:
Monitor—just like your bank monitors your credit card for suspicious activity (especially as the shopping season heats up), so too should you be monitoring activity across your network. Your IT Support team should be able to tell what normal day to day traffic looks like on your network (every network is different) and should be able to detect threats or suspicious activity before data is actually leaked offsite.
Strengthen your security—most organizations that we assess fail to meet minimum standards of network security. They leave vulnerabilities with easy fixes wide open for hackers to exploit. You may be investing in security technology, but if it is not strategically configured on your network, it might not be doing its job. Ensuring that you (1) are investing in cybersecurity and (2) that you are strategically implementing security that actually protects your data and users will help you avoid being low hanging fruit cybercriminals are hunting for.
Stay smart—another very effective way to avoid cyberattacks is to make sure your team is aware of current issues. By educating your team with tips and updates on attacks, you give them context to cybersecurity and why it’s important. If you want your network secure, having a team that is smart about security makes a major difference.
And remember, criminals do not take holidays off. When you’re not paying attention, they’re likely focused the most.
Are you sure your network is secure? Contact us for a FREE network security assessment.