‘Tis the eve before Christmas.
Many of you will be reading this with one eye on the countdown clock.
Others may have stumbled across the piece in the warmer months — but much of what we’re about to share is as applicable during summer as when December swings back around.
The holidays are the perfect time for any cyber-scrooge to wield their digital trickery. They know you’re distracted, so the time for exploitation has arrived. But as you wind up for your break, be sure not to wind down your business security.
Keep an eye out for criminals looking to scam you with the following seasonal tricks.
Seasonal Email Phishing Scams
Every holiday includes its fair share of shopping.
And when users have splurged, they often forget what they’ve bought.
This flurry of online activity creates the perfect opportunity for fraud, as cyber thieves know that dozens of packages will arrive at the office in the run-up to Christmas. Holidays are the time to be extra vigilant against things like an email phishing scam. These are fake emails from seemingly legitimate accounts that push you to:
- Click a link
- Then share sensitive information
- Only to have your details stolen for use elsewhere
A phishing email may take the form of a notification scam: a message that arrives from a courier company, Amazon, or another brand you recognize, requesting further details to finalize your order.
The email address looks real; the branding is nearly spot-on… in fact, there’s nothing to raise suspicions — you must have bought those new shoes for a loved one — so you don’t give ‘click this link’ a second thought. But cyber-criminals often use this method to redirect you to a fake website (see the section on this below) where they can harvest information from individual shoppers and corporate employees alike.
Before you know it, you’ve given away enough detail to compromise your entire network.
Christmas Security Tip: Read every email twice. Look at the sender and the subject line, and cross-check every purchase (if it is a notification email). Only then will you find the tell-tale mistakes that are a sign of fraud.
Text, WhatsApp & Robocall Fraud
Email phishing is big business.
However, people often leave their skepticism at the door when a WhatsApp, text, even a phone call, arrives. If someone has your number, the contact must be legitimate, right? Wrong.
In America, 48% of respondents to a McAfee survey said they had been subject to attempted robocalling fraud, where an automated message tried to convince them to key personal details (bank account number, date of birth) into their phone keypad. While you may think you’d never fall for such an attempt, what if the incoming call came from a contact that you recognized?
It’s become easy for cybercriminals to create a false caller (or text message) ID, which can often convince users the contact is who they say they are…
But never share details unless you are 100% confident in the source of the request.
Christmas Security Tip: If you receive a WhatsApp or text saying you’ve won a free gift voucher, don’t trust it (and definitely don’t click any links). The same goes for Facebook giveaways that request personal information: if an offer sounds too good to be true, it is.
Fake Website & Public WiFi Risks
Fake websites are an easy way to gather information.
A scammer just needs to convince you to click on a link, and they have snared you in their trap. And an effective way to trick anyone at Christmas is to appeal to their seasonal goodwill.
At certain times of the year, we are all more willing to donate, which has led to a rise in fake charity scams: a ruse whereby a criminal poses as a charitable organization to get you to share financial data or simply transfer money to a supposed good cause. The same tactic can be applied to discounted shopping, in which a criminal simply clones a product catalog, then lists cut-price deals to attract traffic.
But beware of the fakery, and never make a purchase, no matter the temptation… as sites like these are often just trying to steal your information for insidious purposes.
Similar risks also present themselves when shopping via public WiFi: internet hotspots — whether in a coffee shop, bar, library, or elsewhere — are vulnerable. They offer a convenient way for a cyber-criminal to hack your device, access your details, then steal whatever information they like.
In Q1 2019 alone, 2.2bn hacked account details were stolen, then sold.
Christmas Security Tip: Fake website names look fake. The URL may contain familiar elements (a brand name), but it often includes an unfamiliar add-on (say, www.cheaplevis.org) and uses .org, .net, or another unlikely top-level domain. Also, the content will likely have strange mistakes, and contact information may seem odd.
If anything looks questionable, don’t use the site (even if it has a ‘green padlock’ certificate in the browser bar, this doesn’t guarantee a legitimate business is behind the operation). If you want to buy a brand, buy directly from the source. And before clicking any link, hover over it to check the URL doesn’t look suspicious.
Finally, if you’re shopping, banking, or doing business-related tasks — never use a public network, as you’re only putting yourself at risk.
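The hover check and the brand-plus-add-on pattern from this tip can be automated for HTML email. The Python below is an added example, not code from Mid-Coast Tech; the OFFICIAL allowlist, the sample message and every function name are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist (maintain your own): brand keyword -> domains the brand really uses.
OFFICIAL = {"levis": {"levi.com"}, "amazon": {"amazon.com"}}
# Constructed sample message body, not a real email.
SAMPLE_EMAIL = """
<p>Your parcel is waiting: <a href="http://www.cheaplevis.org/track">www.levi.com/orders</a></p>
<p><a href="https://www.amazon.com/your-orders">View your order</a></p>
<p><a href="https://amazon.com.account-verify.example/login">amazon.com</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def text_host(text):  # hostname if the visible text itself looks like a URL, else None
    m = re.match(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?]|$)", text.strip().lower())
    return m.group(1) if m else None

def check_link(href, text):
    """Return the reasons a link deserves a second look (empty list if none)."""
    host = (urlsplit(href).hostname or "").lower()
    reasons = []
    for brand, domains in OFFICIAL.items():
        official = any(host == d or host.endswith("." + d) for d in domains)
        if brand in host and not official:  # brand name used inside someone else's domain
            reasons.append(f"brand '{brand}' in non-official host {host}")
    shown = text_host(text)
    if shown and shown.removeprefix("www.") != host.removeprefix("www."):
        reasons.append(f"text shows {shown} but link goes to {host}")  # what hovering reveals
    return reasons

def scan_email(html):
    """Map each suspicious href in an HTML body to its list of reasons."""
    parser = LinkCollector()
    parser.feed(html)
    return {h: r for h, t in parser.links if (r := check_link(h, t))}
```

Calling scan_email(SAMPLE_EMAIL) flags the first and third links and leaves the genuine amazon.com link alone.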
Before You Sign Off: Update Your Security Systems
Signing off for Christmas is a moment we all love.
However, you must do just a few more things before you shut your systems down if you’re to avoid coming back in the New Year to a network security meltdown.
- Make sure your business has the right security software
- Ensure all software is updated to the latest version
- And back up your data (both off- and online)
If every security system is up to date, you can rest easy when you leave the office.
Don’t forget to update third-party business applications as well (86% of all security risks stem from plug-ins), but once you know they’re up to date, you can have confidence that no vulnerabilities remain.
Now sign off for Christmas, you deserve your break!
From everyone here at Mid-Coast Tech, we’d like to wish you a Merry Christmas and a Happy New Year. When you’re back in the office, feel free to give us a call on 207-223-7541, and let’s chat about your network security needs in 2020!