While the holiday season is meant to be one of festivity and giving, for hackers it’s a time of taking. Each year, phishing scams skyrocket during the festive season. In line with this, research shows phishing attempts rise by as much as 400% each year between October and December.
It’s easy to understand why hackers see the holiday season as an opportune time for scamming. People receive more emails over this time of year: retail offers, invites to Christmas parties and seasonal greetings all start to pour into our inboxes. Hackers hope that, in the holiday rush, you’ll accidentally fall for one of their scams.
So, how do you stay vigilant and make sure you don’t become a victim? Education and awareness are key.
What is Phishing?
Before we dive into how to protect yourself from phishing, let’s firmly define what it is. In essence, phishing is a malicious attack in which a threat actor dupes their victim into sharing sensitive data or clicking on an attachment that launches malware on their device. Phishing attacks are primarily conducted via email, but you can also receive these scams over text and phone.
There are a few different forms of phishing. There are mass attacks, where hackers indiscriminately send out an email or text to as many people as possible. Then there are spear phishing attacks, which are highly personalized and targeted emails that are designed for a specific recipient – usually a business leader or accountant with power to make financial decisions.
While some phishing emails are easy to distinguish from legitimate emails, they’re not always easy to spot, especially as, during this time of year, hackers will masquerade as retailers with amazing seasonal offers.
Is My Business Vulnerable to Phishing?
In a word, yes. No matter how large or small your business, or what sector you operate in, your company is vulnerable to phishing scams, so don’t think you’ll evade being caught out.
It’s vital to educate your employees on the rise of holiday phishing scams, and equip them with the knowledge to successfully spot and report an attack before it’s too late. With that in mind, we’ve written some quick guidance that you can share directly with your employees to empower them to spot these attacks.
Employee Guidance: How To Spot A Phishing Email
In most cases, phishing emails share a few common traits that make them possible to tell apart from real email or text communications. All employees should beware of emails that are:
- Unexpected: Out-of-the-blue requests without context are likely to be phishing emails.
- Authoritative: If the email also appears to come from a well-known body, like a healthcare organization or government department, you should scrutinize it carefully.
- Urgent: There’ll often be a sense of urgency and command to the email, asking you to act immediately. Be wary of this, as it is likely a phishing scam.
- Emotive: Hackers use psychological manipulation to push you into acting, such as pretending to be from a charity in desperate need of money, or a retailer offering an amazing deal that you simply can’t refuse.
- Incongruent: Does the email claim to be from a big brand but contain spelling and grammar errors? Does the email address seem weird in comparison to who the person says they are? Chances are, it’s a phishing email.
If you think you’ve received a phishing email, don’t reply to the message or click any of the links sent to you. Instead, clarify the request separately by visiting the brand’s website and asking to speak to customer service. Explain that you’re concerned you’ve received a phishing email, and they’ll let you know whether the email is real or not.
Of course, in the case of spear-phishing emails, it can be trickier to detect whether or not you’ve been duped. For any sudden request from a colleague or partner, we recommend picking up the phone and calling them to verify their request is genuine. Always be on the safe side and practice due diligence!
Layer Your Defenses
People are your first line of defense in the fight against phishing, but you can’t rely on your employees entirely. It’s not fair, and it’s also unwise. Let’s face it, in the rush of the workplace and the holiday season, mistakes are going to happen. Just one wrong click can lead to phishing success for attackers.
With that in mind, you need to support user education with the right security controls. This will help you reduce the velocity of phishing emails and recover quickly should an attack be successful. We recommend implementing tools like anti-virus, user behavior analytics and more to protect your business.
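One way to back the "Urgent" and "Incongruent" checks from the employee guidance with an automated control, as an added example that is not from the original article: a small mail-triage function that flags a brand display name on a non-brand address, a Reply-To that points elsewhere, and pressure language. The brand map, phrase list, function names and sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed values: replace with the brands your staff actually deal with.
KNOWN_BRANDS = {"example shop": "shop.example"}
URGENT = re.compile(r"\b(immediately|urgent|act now|within 24 hours|final notice)\b", re.I)

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def triage(raw):
    """Return the indicator names found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display = parseaddr(str(msg.get("From", "")))[0].lower()
    from_dom = domain_of(msg.get("From"))
    hits = []
    # Incongruent: the display name uses a brand, the address is not the brand's.
    for brand, dom in KNOWN_BRANDS.items():
        if brand in display and from_dom != dom and not from_dom.endswith("." + dom):
            hits.append("incongruent-sender")
    # Incongruent: replies are routed to a different domain than the sender's.
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        hits.append("reply-to-mismatch")
    # Urgent: pressure language in the subject or the plain-text body.
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")
    if URGENT.search(text):
        hits.append("urgent-language")
    return list(dict.fromkeys(hits))  # de-duplicate, keep order

# Constructed sample messages (not real mail).
SUSPECT = (
    'From: "Example Shop Deals" <offers@shop-example-deals.test>\n'
    "Reply-To: claims@mailbox.test\n"
    "Subject: Final notice: claim your holiday gift card\n\n"
    "Act now, this offer expires within 24 hours.\n"
)
ROUTINE = (
    'From: "Example Shop" <news@mail.shop.example>\n'
    "Subject: Your December newsletter\n\n"
    "Our stores are open late this week.\n"
)

if __name__ == "__main__":
    print({"suspect": triage(SUSPECT), "routine": triage(ROUTINE)})
```

A hit is a reason to route the message for review or add a warning banner, not proof of phishing.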
Get Help Combating Holiday Phishing Attacks
Combating phishing is a full-time job – and probably one you don’t have time for! That’s where we come in. Let us design and implement an excellent phishing protection and awareness program for you. Contact us today to find out more.