Ho, ho, ho, hold on before clicking on that link advertising an amazing deal this holiday season.
Phishing, that ever-present and ever-growing organizational concern, is a preferred attack method for hackers because of its relatively simple premise: deceiving a user into clicking a link that allows access to personal information. Even with the flurry of activity surrounding Black Friday and Cyber Monday now in the books, cybercriminals still have all of December to take advantage of both consumers and organizations through phishing schemes.
The primary concern surrounding holiday phishing is protecting the regular consumer, but phishing can be just as threatening for organizations. An employee could cause a breach by clicking a malicious link in a personal email that they’ve accessed at work or by falling for a phishing scheme sent to their company email. So how can organizations make sure their people don’t give them the unwanted holiday gift of a security breach?
Here are six tips to help you and your end users get your holiday shopping done safely:
Organizations: refresh the topic of phishing with your employees
Remind employees how to recognize and report a phishing email. Phishing is effective because it creates a sense of urgency, which is something that might stand out as suspicious in April, but blends in right now in a season full of ads urging users to “act before this deal disappears.”
Be proactive; eliminate the attack before it reaches your employees
Your people don’t need to be the first defense against suspicious holiday deals. We recommend having an email security solution in place to provide targeted threat protection against spam, malware and phishing.
Do your shopping on a secure network
We’re all connected all the time. To keep your personal information (name, address, credit card) and devices safe, always connect to a secure network.
Verify shipping updates and tracking numbers manually
The most popular phishing emails during the holiday season contain malicious links disguised as shipping updates or delivery notifications. Never click on tracking numbers; copy and paste the number (or write it down) and use the carrier’s website to get your update.
Delete deals with attachments
Think about it: when have you ever gotten an attachment from Amazon or Target? Vendors include sales information directly in the body of an email. If you see an attachment, don’t click; it may contain malware.
Don’t click on popup ads
Popups may be tempting, but cybercriminals often use them to direct you to malicious websites, so it’s best to stay away. For safest surfing, go directly to the vendor’s website or, even better, their app.
How can Schneider Downs help?
Our cybersecurity practice is composed of experts in multiple technical domains. We offer phishing simulation assessments that will help your organization build resilience against these types of actions. Our customized assessments replicate real-world attacks and are conducted by our team of skilled professionals in a controlled and secure environment. Learn more about our cybersecurity services at www.schneiderdowns.com/cybersecurity or contact us at [email protected].