Hackers and scammers are on the lookout during the holiday season to take advantage of consumers, retailers and commercial businesses alike. Phishing can occur via email, SMS/text, voice, social media and website access. Nearly 900,000 unique phishing attacks were reported from March 2018 to April 2019 (source: Proofpoint, 2019).
Take note of our tips to stay sharp during the busy month of December.
Consumers & Retailers
Most consumers and retailers know that phishing emails are a favorite method of cybercriminals. As online shopping continues to rise in popularity, email phishing has become even more effective. Here are three of the top scams:
● Fake shipping status alerts
This method might have a higher click-through rate, as it relies not on a fake purchase, but on the concern or anxiety that something you did buy will be delayed.
A notice from “UPS” letting you know your package is delayed is bound to get a click-through from a user who is, in fact, expecting a delivery via UPS.
● Fake flyers and deals
You might see a dozen or more emails a day from stores advertising sales or deals, but be on the lookout for stores you have never shopped with before.
These digital flyers may be advertising a great deal, but chances are the only thing you’ll receive by clicking through is a malware infection or lost funds for an order you’ve placed and will never receive.
● Fake customer surveys
Online surveys offering cash or gift cards can often be a scam.
If a survey asks for personal or financial information, it’s extremely likely that the survey is a cybercriminal’s way of stealing your identity or setting up a more advanced phishing scam.
● Fake account validation request
These emails appear to come from your store, bank, university or shopping website and are often a scam.
The request will look real, even with proper logos and grammar, but it is fake and is an attempt to capture your user ID and password to access your account. If in doubt, go directly to the site instead of clicking on a link to verify your account.
Phishing schemes sent to commercial businesses are typically handled a bit differently than those sent to retailers or consumers. While these may seem simple, a single click by one employee on a connected device can infect a whole business network. Be on the lookout for:
● Unauthorized transactions
It may seem obvious, but keep a close eye on your bank account during the holidays.
All it takes is one website with lax security standards to lose your credit card information to a hacker, and you’re left footing the bill for someone else’s shopping habits.
● Fake receipts and invoices
Hackers will try to embed malicious code into email attachments like PDFs you would expect to see with receipts and invoices.
With an increase of business during the holiday months, opening an invoice you might not remember paying for might not trigger a second thought.
● Malicious embedded links
Embedded links are just as common a tactic as attachments for downloading malware to a system, or redirecting the target to an infected website.
Always take a few extra seconds to hover your mouse over any link that finds its way into your inbox. The hyperlink should be familiar; otherwise a hacker may be redirecting you to content they control.
9 Red Flags to Check to Prevent A Business Email Compromise
Sourced from INFOSEC, 2019
● The “reply to” email address doesn’t match the “from” email address
● A vendor payment request comes from a new email address
● Vendor payment requests with new routing numbers and/or account numbers
● Request for payments at the end of the day, or before weekends/holidays
● Request for wire transfers to a new account
● Any “urgent” or “confidential” requests for payment
● Request for payments without justification
● Request for payment to a personal account
● Requests for payments of unusual amounts
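Several of these red flags can be checked automatically before a payment request reaches a person. The sketch below is an added example, not part of the original article: the sample message, its domains, the keyword lists and the `known_vendor_addresses` parameter are all constructed assumptions, and it expects a single-part plain-text email.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); names and domains are made up.
SAMPLE = """\
From: "Acme Supplies Billing" <billing@acme-supplies.example>
Reply-To: accounts@acme-suppliies.example
To: ap@customer.example
Subject: URGENT: updated wire details for invoice
Content-Type: text/plain

Please keep this confidential and send the wire transfer to our new account
before the holiday weekend.
"""

# Assumed keyword lists; tune them to the wording your vendors actually use.
PAYMENT = re.compile(r"\b(wire transfer|payment|invoice|routing number)\b", re.I)
PRESSURE = re.compile(r"\b(urgent|confidential)\b", re.I)
NEW_ACCOUNT = re.compile(r"\bnew (bank )?account\b", re.I)

def bec_red_flags(raw, known_vendor_addresses=()):
    """Return the red flags from the checklist that one raw message triggers."""
    msg = message_from_string(raw)
    # Single-part plain text assumed, so get_payload() is the body string.
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    flags = []
    if reply_to and reply_to != sender:
        flags.append("reply-to differs from from")
    if PAYMENT.search(text):  # the remaining checks only apply to payment requests
        if sender not in known_vendor_addresses:
            flags.append("payment request from new address")
        if PRESSURE.search(text):
            flags.append("urgent or confidential payment request")
        if NEW_ACCOUNT.search(text):
            flags.append("payment to a new account")
    return flags

if __name__ == "__main__":
    for flag in bec_red_flags(SAMPLE):
        print("RED FLAG:", flag)
```

A message that raises any flag should be verified with the vendor through a contact you already have on file, not by replying to the email.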