- Employee awareness
- 5 min read
The festive period is a wonderful time of year for family, friends, goodwill and, of course, presents. And as festive shopping gets into full swing, it’s a thriving time for retailers and consumer businesses.
But we’re not the only ones looking forward to Christmas. It’s also a very profitable time for cybercriminals as they target shoppers, businesses and online retailers with scams designed to steal valuable information.
Cybercriminals use a variety of scams to steal information, money and identities. They can sell this stolen information on the dark web for a profit or use it to commit fraud.
Compared to Q3 2018, social engineering attacks increased by 233% during the festive period. The majority of attacks targeted workers in marketing, public relations and human resources.
Some of last year’s most clicked phishing email subjects played on our festive fears – password and banking problems – and our excitement – Amazon orders, holiday offers and delivery updates.
The top email subjects during Christmas 2018 were:
19% | - | Password Check Required Immediately/Change of Password Required Immediately | |||||
16% | - | Your Order with Amazon.com/Your Amazon Order Receipt | |||||
11% | - | Announcement: Change in Holiday Schedule | |||||
10% | - | Happy Holidays! Have a drink on us | |||||
8% | - | Problem with the Bank Account | |||||
6% | - | UPS Label Delivery |
Phishing websites were more prevalent too. Netflix-related phishing URLs increased by 25.7% during the festive period last year, making it the second most impersonated brand. In fact, Christmas day was the single largest day for Netflix phishing URLs in the entire year.
Despite the increase in scams at this time of year, there are steps you can take to tackle those festive fiends and ensure your employees stay secure both at work and home.
Providing guidance that can help keep employees and their families safe at home gives them more reasons to take notice at work too. Understanding why they need to change their behaviour is also a key part of motivating employees to engage with change.
Phishing
Cybercriminals bank on their phishing emails slipping through filters and not being read too closely. Just one click on a scam email at work could cause financial and reputational damage to your organisation. At home, it could cause problems for the employee and their family.
Top tip:
Your employees are your first line of defence so it’s vital they know how to spot the signs of a phishing email. Ensure you have email filters in place and that employees know what to do if they are unsure a request for information is genuine.
Fake websites
Many employees will be connected to the office WiFi when they do some quick Christmas shopping on their lunch break. But if they end up on a fake website, they could inadvertently download malware, fall victim to bogus gift scams or have their identity stolen.
Top tip:
Ensure your employees know how to spot the signs of a fake website to keep both the office network and their information secure.
Social media
Most of use at least one social media platform – and cybercriminals know this.
Fraudsters use social media to target us with fake adverts, illegal gift exchange schemes, and games designed to harvest your personal data.
Top tip:
Ensure your employees know the risks of posting too much personal information on social media. It’s also vital they know that any data they enter in social media games could be used to crack their passwords.
Security updates
Updating operating systems may seem like an inconvenience to employees, so take advantage of the Christmas downtime to make sure all vital security updates are installed.
Top tip:
Ensure your employees have the latest security patches installed on their work and personal devices.
Your organisation’s internal communications can capitalise on festive themes to grab your employees’ attention. Engaging seasonal campaigns are an effective way to deliver important security messages in a fun way.
Christmas is the perfect time of year to deliver a creative, colourful and impactful campaign that stands out from everyday internal messages.
If you’re looking to treat your company to an early present, TSC has created a ready-made Christmas campaign with key information security messaging - The 12 Scams of Christmas.
The campaign is designed to highlight how they can protect themselves and their information against scams at this time of year. It includes:
Spot the Risks game
(with optional prize draw)
Spot the information security risks in office decorated for Christmas but littered with security lapses. You can incentivise your colleagues through the built-in prize draw.
Article
Ready-made content introducing Christmas scams and top security tips for work and home.
Online Advent calendar
(with optional prize draw)
Twelve days of security messages with tips to stay secure.
Security slalom game
(with optional high score prize)
Answer questions about Christmas scams, build a ski course, and help Parsnip reach the finish line.
Static infographic
Common Christmas scams highlighted in a decorative online or printed poster. The twelve scam graphics can also be used individually as posters or email banners.
Don’t end up on the naughty list when it comes to keeping your information secure. Contact TSC today to learn more about the 12 Scams of Christmas campaign.
After all, ‘tis the season to be secure!
Head over to the 12 Scams of Christmas page to find out more:
© The Security Company (International) Limited 2023
Office One, 1 Coldbath Square, London, EC1R 5HL, UK
Company registration No: 3703393
VAT No: 385 8337 51