The festive period is a wonderful time of year for family, friends, goodwill and, of course, presents. And as festive shopping gets into full swing, it’s a thriving time for retailers and consumer businesses.
But we’re not the only ones looking forward to Christmas. It’s also a very profitable time for cybercriminals as they target shoppers, businesses and online retailers with scams designed to steal valuable information.
Cybercriminals use a variety of scams to steal information, money and identities. They can sell this stolen information on the dark web for a profit or use it to commit fraud.
Compared to Q3 2018, social engineering attacks increased by233% during the festive period. The majority of attacks targeted workers in marketing, public relations and human resources.
Some of last year’s most clicked phishing email subjects played on our festive fears – password and banking problems – and our excitement – Amazon orders, holiday offers and delivery updates.
The top email subjects during Christmas 2018 were:
| 19% | Password Check Required Immediately/Change of Password Required Immediately |
| 16% | Your Order with Amazon.com/Your Amazon Order Receipt |
| 11% | Announcement: Change in Holiday Schedule |
| 10% | Happy Holidays! Have a drink on us |
| 8% | Problem with the Bank Account |
| 6% | UPS Label Delivery |
Phishing websites were more prevalent too. Netflix-related phishing URLs increased by 25.7% during the festive period last year, making it the second most impersonated brand. In fact, Christmas day was the single largest day for Netflix phishing URLs in the entire year.
Despite the increase in scams at this time of year, there are steps you can take to tackle those festive fiends and ensure your employees stay secure both at work and home.
Providing guidance that can help keep employees and their families safe at home gives them more reasons to take notice at work too. Understanding why they need to change their behaviour is also a key part of motivating employees to engage with change.
1. Phishing
Cybercriminals bank on their phishing emails slipping through filters and not being read too closely. Just one click on a scam email at work could cause financial and reputational damage to your organisation. At home, it could cause problems for the employee and their family.
Top tip:
Your employees are your first line of defence so it’s vital they know how to spot the signs of a phishing email. Ensure you have email filters in place and that employees know what to do if they are unsure a request for information is genuine.
2. Fake websites
Many employees will be connected to the office WiFi when they do some quick Christmas shopping on their lunch break. But if they end up on a fake website, they could inadvertently download malware, fall victim to bogus gift scams or have their identity stolen.
Top tip:
Ensure your employees know how to spot the signs of a fake website to keep both the office network and their information secure.
3. Social media
Most of use at least one social media platform – and cybercriminals know this.
Fraudsters use social media to target us with fake adverts, illegal gift exchange schemes, and games designed to harvest your personal data.
Top tip:
Ensure your employees know the risks of posting too much personal information on social media. It’s also vital they know that any data they enter in social media games could be used to crack their passwords.
4. Security updates
Updating operating systems may seem like an inconvenience to employees, so take advantage of the Christmas downtime to make sure all vital security updates are installed.
Top tip:
Ensure your employees have the latest security patches installed on their work and personal devices.