We Phish You a Merry Christmas
While many people are counting down the days until the start of the holiday season, cyber criminals around the world are counting down the days too, but for a much different reason.
Protecting personal devices and business networks is rarely a priority with holidays approaching, and why should it be? You’ve got pies to bake, gifts to wrap, and fiscal years to close out for your organization. But while your attention has been grabbed by the hustle and bustle of the season, bad actors are taking advantage of the exponentially greater vulnerability landscape.
According to a phishing fraud report, phishing email attacks increase 50% from October through December. In addition, 90% of holiday data breaches begin with phishing scams or social engineering. Nothing says ‘Happy Holidays’ quite like becoming the victim of a cyber attack and cyber crime is a gift nobody wants to receive.
Although cyber criminals create targeted attacks, anyone can be on the receiving end of a carefully crafted scam. Learn more about the most common threats plaguing unknowing businesses and consumers as well as the extra precautions to be taken this holiday season.
For the Business
The biggest threats faced by businesses during the holidays come as a result of lower staff numbers and the emphasis placed on making goals by the end of the fiscal year. But while many people enjoy their holiday breaks or are busy meeting deadlines, cyber criminals are hard at work to get their hands on data businesses can’t afford to lose and taking advantage of these distractions.
Hackers use this time to prey upon networks with minimal monitoring knowing there will be limited staff available to detect their presence and respond to an attack. They are also able to easily take advantage of unsuspecting employees by creating phishing emails designed to steal credentials or account information to gain further access into an organization’s systems. This risk is greater during the last few months of the year as more than 50% of employees use work devices to shop online, which only opens the door wider for those trying to keep your business’s holiday less merry and more scary.
From website interruption and Distributed Denial of Service to loss of consumer confidence and even business closure, the consequences of falling victim to a cyber attack for a business can be disastrous. Despite the looming threat of seasonal hackers, there are steps your organization can take to decrease exposure. This includes maintaining secure data backups, implementing organization-wide cyber security awareness training, and adding additional layers of security to your website and employee emails. By taking these extra steps ahead of the holidays, you can gain peace of mind that your business won’t become a victim of holiday hacking efforts.
For the Consumer
We mentioned the role of individuals on business risks for cyber crime, but what about on personal devices that aren’t attached to the business network? Consumers should be equally as concerned about keeping their information protected during these times of heightened risk. As you scour the web for the perfect gifts and scan your emails for the best year-end deals, cyber criminals are thriving off of heightened web traffic and financial information distributed across a multitude shopping channels.
It’s estimated e-commerce holiday sales will reach a record high $206 billion in 2021, with online sales making up 18.9% of total seasonal retail business. With this knowledge in mind, hackers have developed targeted attack methods to capture your payment information as well as other personal details. One of the more recent techniques adopted by cyber criminals are magecart attacks. This form of online skimming is increasing in popularity as it allows hackers to compromise payment platforms and steal financial data as it is entered for genuine transactions. In 2019, retail giant Macy’s fell victim to the card skimming group after unauthorized code was injected into their website, putting millions of people at risk of having their personal information compromised.
Another popular way scammers take advantage of consumers is by developing promo scams paired with domain impersonation. This approach is designed to fool shoppers into entering payment information on fake websites enticing them to claim a limited time offer or an unbeatable deal. To combat this growing threat of seasonal cyber attacks, shoppers are encouraged to enroll in credit monitoring services, use a dedicated credit or debit card for online shopping, and avoid clicking links, ads, or emails with deals that seem too good to be true because chances are, they are.
Although cyber crime may rise during the holiday season, it’s important to remember individuals and businesses can become a victim at any time from anywhere. Extra precautions should be taken throughout the year, whether it means strengthening network protections, educating employees on the importance of cyber security awareness, or remaining a vigilant consumer by not clicking ads or emails that seem unfamiliar.
During this season of giving, make sure you’re not giving too much of your personal or business information away to those hoping to profit off of your mistakes.
INE is the premier provider of technical training for the IT industry. INE is revolutionizing the digital learning industry through the implementation of adaptive technologies and a proven method of hands on training experiences. Our portfolio of trainings is built for all levels of technical learning, specializing in advanced networking technologies, next generation security and infrastructure programming and development. Want to talk to a training advisor about our course offerings and training plans? Give us a call at 877-224-8987 or email us at email@example.com.