Halloween has been and gone, and with it the threat from Halloween-related spam and phishing campaigns. Unfortunately, the ghoulish behavior of cybercriminals will not stop. They will just work on Thanksgiving-related scams, or target the millions of online shoppers on Black Friday, Cyber Monday and Free Shipping Day. They will also be preparing for Christmas, which is another excellent time to target the unwary and gullible. All of these holiday times see millions of spam emails sent, new phishing campaigns developed, and many old ones dusted off and used again. Internet users must therefore always be constantly vigilant for the next cyberattack or scam.
Internet security risks increase in the run up to Christmas
Employees lead busy lives and often do not find the time to do all of their Christmas shopping at home. Some do not have home computers so are unable to access the Internet outside office hours. Many just prefer to keep their free time free, and be paid by their employers to do their Christmas shopping.
Unfortunately, those employees are taking big risks that could seriously jeopardize the security of their corporate computer systems, according to the Information Systems Audit and Control Association. This risk naturally increases at times of the year when internet shopping increases.
The risk has also increased in recent years with the rise in popularity of BYOD. More devices are being used to access networks, many of which do not have the level of security of the desktop computers supplied by employers and configured by IT departments. These devices make it much easier for employees to bypass security and spam protection controls.
The bad news is the risk is not going to decrease. As more users take part on BYOD, and even more devices are allowed to connect to corporate networks, the risk of suffering network security breaches will also increase.
Many companies find the number of employees using computers for personal use, especially in the run up to Christmas, has reached a level where it is simply not possible to take action against each employee. The threshold for disciplinary action has had to be increased. Others target this by taking a much harder line, due to the amount of time that is being wasted by employees. HR departments are then run ragged.
It is no surprise that many employers opt for an easy solution and implement a web filter to block access to certain internet sites. The burden is eased on HR staff and employees waste less time and become more productive. They are also used to cut back on other time wasting activities, such as accessing social media sites and playing online games.
A web filtering solution, such as WebTitan, can be invaluable at this time of year. It will reduce risk to network security and improve productivity; however, risk cannot be totally eliminated especially with the volume of email spam campaigns and Christmas-related scams seen at this time of year.
Holiday season scams that threaten network security
The usual suspects come out at this time of year but, after 10 months’ “holiday” from Christmas scam emails, it is useful to remind employees of the spam and phishing emails that do the rounds at this time of year.
‘Must Have’ Gift Scams
Every year there are some gifts that every child wants. They are in short supply and usually sell out well before Christmas. Be late buying Christmas gifts and your child will have to make do with second best. UNLESS…… someone has a spare one or some excess stock. You will find offers of the latest gadgets or hot new products flood inboxes. Links take users to shopping websites that have just one or two left. A purchase is made and the gift is mailed. Unfortunately, many of these websites are fake, and all that happens is a credit card number is divulged to a criminal.
Christmas Phishing Scams
The run up to Christmas is a busy time and short cuts are taken by employees who are under pressure or daydreaming about roast turkey. People are less cautious and take more security risks. They forget to check that a website has a valid SSL Certificate or shows a padlock next to the URL. People are more likely to click on links to malicious websites and, when full of Christmas spirit, Christmas-related social media posts are visited more frequently. Users tend to reveal personal information at this time of year. A post asks you to create your Elf name by using the name of your first pet and the street where you grew up. Users unfortunately divulge the answers to their online banking security questions all too easily.
Fake Special Offers and Competitions
Everyone would like a free Christmas gift, and scammers know it is easy to obtain sensitive information via fake competitions if there is a cool prize on offer. It is a time to be very cautious about surveys or competitions that ask for personal information. Facebook is one of the preferred websites to launch a fake contest, and it is surprising how much personal information is disclosed. Once personal information has been divulged, an email often arrives offering a prize. Just a few more data fields need to be entered to claim the top prize. That prize is identity theft, not a shopping voucher or an Xbox.
How to avoid these Christmas scams
Vigilance is key. Employers must be particularly careful that their staff members do not fall for these scams. It is a great time for refresher training to be conducted or for an email bulletin to be sent. Be sure to warn the staff of the following:
- Never to click on a link contained in an email unless they are 100% sure of the identity of the sender
- Never open an attachment in an email from someone they don’t know
- Change passwords and make sure they are impossible to guess
- Be very careful about divulging sensitive information to anyone
- Social media websites contain many scams. Make employees aware of scam competitions or surveys that request personal information
- Be careful about installing mobile apps – they may not be as harmless as they appear
- Password protect Smartphones and use a lock screen – if stolen, criminals will not be able to access online accounts and company data
Stop and think before clicking any link, visiting a website or opening an email – Could it be a scam or phishing attempt?