HO, HO, WHOA!
Be extra careful what you open this Christmas
We are all busy in the run-up to Christmas: work projects to be completed before the holidays, squishing in festive shopping, and planning social activities. It’s easy for staff to be less cyber vigilant than normal. Coupled with flexible/home working, and employees using their own devices for work purposes (and vice versa), the perfect Christmas cyber storm is brewing, with cyber criminals rubbing their hands in glee. It’s a prime opportunity for scammers to steal money from unsuspecting victims.
Phishing attacks turn Christmas cheer into Christmas fear
Verizon’s data breach report stated that 43% of security breaches involve phishing. So protecting your organisation from phishing attacks is a mainstay of a cyber security strategy.
Phishing attacks come in all shapes and sizes. Cyber criminals posing as an individual or organisation send fake messages that appear to come from a trusted source, encouraging recipients ‘to act’ without realising they are being duped, e.g. click on a malicious link, visit a ‘fake’ website, open a dodgy document, or download software onto a device, all with the key aim of stealing personal and sensitive information. Once attackers have your credentials they can go on to steal money from bank accounts, purchase gift items, open new accounts, run up spend on credit cards, sign up for payment plans and so on.
Everyone is at risk; no individual or organisation is immune. Attacks are becoming increasingly sophisticated and may be delivered by email, text, phone calls, social media channels, and even postal cards physically placed through your letterbox.
The 12 Cyber Security Scams of Christmas
Sophisticated scams quite often appear as if they are coming from a trusted brand, so seem genuine, relevant and of course timely…
Santa has these 12 frauds of Christmas on his to-do list this year:
- Parcel delivery scams – be it via text messages, email or postal slips put through your letterbox, be aware these can encourage you to download malicious apps, visit scam websites or even call a high rate telephone number.
- Banking scams – Christmas can be an expensive time of year for many, and fraudsters tap into this by offering payment plans, loans and credit cards, whizzing you off to a fake website to capture your financial details.
- Payment request scams – unexpected bills and invoices might seem to pop into your inbox in December. Pay close attention: requests for payments aren’t always what they seem, and cyber criminals are banking on you being pushed for time.
- Fake shopping websites – looking for the ‘must have’ Christmas gift that seems to be out of stock everywhere? Don’t be tempted to buy from websites that you don’t know and trust; they are after your money and personal information.
- Fake mobile apps – be vigilant when downloading apps. Fake mobile apps impersonate and replicate trusted brands, tricking unsuspecting users into installing them; they then download malware onto your devices to steal confidential data.
- Gift card scams – popular on social media, Christmas time brings an increase in competitions and ‘chances’ to win gift cards, quite often for supermarkets and well known brands. Enter at your peril: if it’s too good to be true it probably is. Quite often you have to like, comment and sign up, and once the scammers have your personal credentials they can commit further frauds in your name.
- Desktop backgrounds and videos – from festive desktop backgrounds to funny Christmas videos, never download zip files from an unknown source.
- Ecards – be wary of opening e-greetings and gift cards; quite often they are delivering malware as opposed to glad tidings.
- Lottery scams – we could all do with a lottery win, couldn’t we?! Unexpectedly received a call, text, or email saying you’ve won the lottery? Scammers may trick you into thinking you’ve won. Don’t share your details or pay any money to receive a prize.
- Charity scams – Christmas is the time of year when we typically want to share our blessings with others. Be wary of phone calls, texts and emails from charities requesting donations; fraudsters set up fake websites and accounts in an attempt to collect funds that otherwise would have been donated to legitimate charities.
- Public wifi – free wifi in public places gives hackers the perfect opportunity to snoop. Cyber criminals can hack into your devices, giving them access to your emails, passwords, and even your website logins.
- Covid passports and boosters – The global Covid pandemic brought a wave of sophisticated cyber attacks, all playing on fear. Fake texts and emails offering Covid passports and boosters are still doing the rounds. They ask recipients to click on a link that takes them to an online form where they are prompted to input personal and financial details. In some cases, the online form has looked very similar to the real NHS website. Be cyber aware, do not share any personal information without checking first.
Don’t let the grinch steal your Christmas cheer
With the rise in phishing and cyber fraud, as well as the high costs of ransomware and business email compromise, first-line-of-defense filtering software such as anti-virus, email gateways, and firewalls can reduce the risk of phishing attacks. However, as attacks become more sophisticated, you need to take extra steps to be cyber secure:
- Advanced email solutions: With 96% of cyber attacks starting with an email, managing your email protection is critical. Our email solutions offer comprehensive filtering (anti-spam, anti-phishing, and anti-malware protection) to detect, identify and remove threats circulating via email software.
- The next generation of firewalls: A firewall prevents untrusted and unauthorised programs from gaining access to your network. Check out our blog post about next generation firewalls, which provide superior protection using advanced techniques and technology to address evolving and complex threats. Many organisations outsource their firewall protection to an MSSP (Managed Security Services Provider) such as ourselves; we would then take care of the operational side of firewall management.
- Training: Over 90% of security incidents are caused by a lack of staff awareness. Being more aware of spotting phishing attacks by way of suspicious emails, texts and calls can make the difference in keeping you secure. With attacks becoming ever more sophisticated, it’s important that you keep training up to date to include emerging threats.
- Endpoint Protection: Endpoints are any device, such as personal computers, servers, smartphones, and tablets, that are connected to a network via the internet. Our Managed Endpoint Detection and Response (EDR) service extends visibility into endpoints to provide advanced threat hunting and detection across your entire network.
- Incident Response Plan: No network, system, or software is ever 100% secure, and a quick and efficient response to an attack can save an untold amount of time and money. You should consider a Cyber Incident Response Planning Service to help you optimise your incident response plan or even a fully managed incident response service to undertake expert incident management on your behalf.
A cyber security strategy isn’t just for Christmas…
Whilst cyber attacks increase through the festive period, you need to be on your guard at all times throughout the year.
To gain a clear understanding of the threats, the effectiveness of your defenses and your ability to respond to an attack, we recommend you also regularly assess your organisation’s vulnerability to social engineering attacks.
- Phishing exposure assessments safely simulate phishing attacks to test your employees’ security awareness and evaluate the ability of your network security infrastructure to protect from cyber attacks.
- A Cyber Security Risk Assessment assesses, identifies, and modifies your overall security posture and enables security, operations, organisational management, and other personnel to collaborate and view the entire organisation from an attacker’s perspective.
To find out how exposed you really are, and for advice on how to mitigate cyber risks, get in touch with the Infosec Partners team today.