The holidays are coming, which means more targeted emails from retailers, travel providers and anyone else looking to capitalize on consumers’ increased spending over the coming weeks. Not surprisingly, this increase in email outreach is also being used as a tool for cyber-attacks. And given the more widespread adoption of remote working and BYOD policies, that means even personal attacks could place your company’s sensitive data at risk. To prevent yourself, your employees and your organization from being victimized, here are five of the most popular cyber security phishing scams to be on the lookout for.
Ever hear the expression, “If it seems too good to be true, it probably is”? The holiday season is full of deals, specials and discounts, but not all of them will be on the up-and-up. Everyone who works for your company should know to be leery of any incoming email that seems too good to be true, or just looks suspicious in general – especially those containing links or requesting personal information.
Phishing scams don’t only arrive via email. Often times they include a more complex scheme involving the use of phony URLs that appear to be legitimate. Unfortunately, even just visiting one of these sites could result in malware getting a foothold on your systems and applications. Be sure to educate employees about these cyber security dangers so they’re diligent about taking a closer look before they click. For instance, instruct them to hover over a hyperlink to view the actual URL before clicking.
With online ordering at an all-time high and the number of orders being placed this time of year, it can be easy for a cyber-attack to make its way into your inbox by way of a fake invoice or purchase order. Receiving an email receipt for an order you didn’t place in June would probably be enough to raise a red flag, but in December when you’ve placed dozens of orders, it might slip under the radar. If you’re not careful, clicking on a link within could end up redirecting you to a phishing page or worse – instantly installing malware.
Phony Shipping Status
Just as with fake invoice emails, hackers will often use phony shipping notifications to try and trap their unsuspecting victims. With so many online orders being placed and received, it’s not unusual for an otherwise savvy individual to end up clicking on this type of malware email without even realizing the cyber security risks behind it. For example, if you recently placed an order and it was followed shortly thereafter by an email from what appears to be UPS, you might not think twice about clicking to see the status. Again, diligence and caution are key.
Another common tactic amongst cyber-criminals is the fake survey. These little gems end up in people’s inboxes with the promise of money or other incentives just for answering a few simple questions. It can be enough of a temptation for many who will go along, providing personal information at the end. This information can then be used to develop even more sophisticated and dangerous cyber-attacks, such as spear-phishing.
Whether these types of attacks target your individual employees or your business, either way they place the security of your sensitive data at risk. The best way to prevent these occurrences is to first educate your employees on what to watch for. Additionally, having a strong monitoring system coupled with an automated incident response strategy can ensure that even if an attack slips through the cracks, it will be thwarted as quickly and effectively as possible.