Business.com Feature: Holiday Phishing Attacks

Our article on how to identify and avoid holiday phishing attacks at work was recently published on Business.com. We have included a summary and introduction below, but don’t miss the full article here.

 

The holiday season has arrived in full force, and with it, some related cybersecurity considerations. It’s a time for celebration and fun with family and friends, but it’s also a very busy time of year when many of us feel a time crunch both at home and at work.

Unfortunately, cybercriminals can take advantage of the hustle and bustle of the season to craft convincing phishing attacks that can catch you off guard. And if employees fall for a phishing attack while at work, it can have lasting implications. That’s why it’s crucial to understand how you, and your employees, can protect your business this season, even if your company doesn’t handle ecommerce.

Catch up on a few of the common phishing scams that surface during the holidays, and some useful tips on how to avoid falling for them:

 

The Boss Needs Gift Cards

In this scam, an attacker will break into or mimic an executive or manager’s email and send a message to a more junior employee asking them to purchase a large quantity of gift cards, then send them the redemption codes. TIP: Avoid falling for this attack by verbally confirming all unexpected requests with the sender, either in person over the phone.

 

Your Package is On the Way!

Fake delivery notifications mimic real tracking emails from shipping carriers (e.g. UPS or FedEx) and encourage you to click a link to track your package. These can be very hard to spot, especially if you are expecting packages through the holidays. TIP: Instead of clicking the tracking link, always copy and paste the tracking number into the carrier’s official website.

 

The Dangerous Deal

Attackers know that you might be tempted by a great deal on those holiday favorites. These attacks look like a legitimate coupon or flash sale offering a deep discount, but really link you to a malicious site. TIP: Inspect email domain names/web addresses and links carefully, and visit the company’s website directly rather than clicking to view the deal through an email.

 

Read the full article on Business.com.