‘Tis the season for holiday deals and holiday giving, but unfortunately it’s also the time of year when cyber scams are on the rise.
Cyber thieves are out in force this year, more so than ever before!
Ringing their digital bells, emailing with special deals, asking for you to sign up for alluring promotions and sending out credit card alerts. In fact, cybersecurity experts suspect that 2 in 5 users will fall for a cyberattack this season, as criminals perfect their phishing scams and further exploit unsuspecting users to get onto business networks.
Today I want to walk through some of the growing scams that are targeting home users and businesses alike this holiday season:
Phony Invoices—the end of the year is the biggest time of year when users are making more personal purchases and businesses are increasing their procurement to maximize Section 179. No matter your purchase types, scammers have identified fake invoicing as one of the most effective ways to get users to click on attachments or links. Many will unknowingly install malware and viruses on their personal computer and network, which may lead to a severe data breach or attack if they aren’t taking the proper precautions.
This holiday season, make sure you and your users are thinking before they click. If they don’t recall a purchase or if the email doesn’t seem quite right, err on skepticism when opening emails this holiday season.
Shipping status links—all of those purchases you’ve made are hard to track! The ease of status updates via UPS, FedEx and USPS shipping links can sure come in handy. But hackers have also found shipping emails to be the perfect vehicle for virus-ridden links.
If you are doing holiday or business procurement this holiday season, be careful not to click directly click shipping links. Rather, go to a distributor’s website and enter the tracking number (Even easier: Google will give you tracking information if you enter the tracking number into their query box).
So many deals—with Black Friday and Cyber Monday expanding into the rest of December (or so it seems!), there are so many deals hitting your inbox, some of which may be too good to be true. Criminals exploit human emotions—including pushing marketing promotions aimed at conversions.
Be wary of these deals this year. If you are really interested in one, type in the URL into your browser (criminals often mask malicious site links with seemingly legitimate URLs in hopes to redirect you to a malicious site that mirrors your favorite store’s website).
Credit card alerts—you may receive regular updates from your financial institutions, but emergency alerts informing you of password verification or security alerts directed at getting you to log in are a big red flag of common banking phishing scams.
Note from the CEO—during the holidays, you may expect to get messages from the leadership in your organization. It may come from the finance department, informing you of your bonus, or maybe it’s a note from the CEO wishing everyone a happy holidays.
Be aware that criminals continue to mask phishing emails in disguise of intra-office correspondences. If the voice, tone or actions asked in the email don’t seem quite right, ask the sender of the email before taking requested action. Often the sender address looks right at first glance, but at further inspection something isn’t quite right (see below). Make sure you inspect emails carefully this season to avoid being tricked!
In light of the Equifax breach earlier this year and an uptick in fraud during the holiday season, consider checking in on your bank accounts to ensure everything looks above board.
Bottom line: Don’t give any information—passwords or other sensitive information—online or over the phone. Guard your (and your business’) information to avoid getting put in precarious situations.
If something doesn’t seem right, if there are typos in the writing or an email or website looks a little sloppy, it’s likely not the real deal.
Most of all, make sure your business is taking security as serious as you should in 2018! If you have any questions, concerns or hesitations about security, give us a call!