It is reasonable to anticipate that the holiday season will be a time of good cheer, peace, and goodwill to all. The problem is that cyber attackers didn’t get the message. During the holidays, they are more likely to launch phishing attacks against businesses. Knowing what to expect ahead of time can help you avoid problems.
According to cybercrime studies, the season has a “significant impact” on the volume of phishing attacks. The week before Christmas, “phishing attacks increased by more than 150 percent above the national norm.” According to Barracuda data, the number of attacks decreased dramatically once the holidays ended.
Why would a hacker choose to target a business during the Christmas season? Because they are aware that things may slow down and that individuals may not be paying as close attention as they should. Employees are already mentally packing their belongings and heading out the door, sipping eggnog and plotting where they’ll do their last-minute shopping. In that state of mind, they are easily tricked into clicking on a malicious link or filling out a form that requests personal information.
Alternatively, attackers might assume you’re stressed out and attempting to get everything done before the holidays. Purchase orders, bills, and emails are being sent at breakneck speed. Attackers rely on the fact that busy people will overlook minor details.
The Fundamentals of Phishing
Phishing is a form of social engineering that is used to expose security gaps and exploit possible vulnerabilities in computer systems. Using deception, the hacker tricks the victim into responding to a fraudulent request that appears to come from a bank, vendor, or coworker. It is their hope that unsuspecting employees will fall for their ruse and fail to do the following: double-check the spelling of URLs in email links; be wary of URL redirects to bogus websites that appear legitimate; question why Jamie in HR needs their access credentials; and contact the sender of a suspicious email for confirmation before responding.
During this time of year at the office, everything can seem more important, and employees are more likely to fall for emails that tell them they must do a task immediately. They may fail to notice that an invoice from a familiar supplier has a different bank account number, or they may fall for a ruse because they are distracted or overburdened with other responsibilities.
“Undeliverable mail” and “HR: Your Action Is Required” are two of the most common email subject lines used to target employees for phishing efforts.
“HR: Please download your W2 immediately.”
“Rick from the Microsoft Teams has sent you a message.”
It’s easy to imagine how someone would simply click on those without a second thought.
What to Do If You Are a Victim of Phishing
You can talk with your staff about the dangers of phishing and educate them on how to avoid being a victim of this scam. Also, remind employees of the company’s regulations regarding payment, wire transfer, data sharing, and the transmission of personal information. However, it is possible that today is not the best time to share the information.
The following are additional precautionary measures:
Make certain that all security updates are installed in order to address known vulnerabilities.
Set up automated filters to ensure that links in inbound emails are safe before they are delivered to the recipient.
Check your infrastructure to see if there are any weak spots.
Set up geofences to inspect traffic coming from specific regions that have been linked to phishing attacks.
Finally, if you recruit any temporary employees to deal with the holiday rush, make sure you restrict their access to the building. Then, as soon as their contracts expire, quickly terminate their access to your systems and networks.
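As an illustration of the automated link filtering mentioned above, here is an added example (not code from the original article or from any particular mail product) that flags an urgent subject line, a link whose visible text names a different site than its real target, and a target domain that is a near-miss spelling of a trusted one. The trusted domain, the keyword list, the 0.85 similarity threshold and the sample message are all assumptions constructed for the example.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"contoso.example"}  # assumption: domains your staff really deal with
URGENT = re.compile(r"action (is )?required|immediately|undeliverable", re.I)
SAMPLE = (  # constructed message, not a real phish
    "Subject: HR: Your Action Is Required\nContent-Type: text/html\n\n"
    '<a href="http://portal.c0ntoso.example/login">portal.contoso.example</a>\n')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def site(url):
    """Last two labels of the host; a simplification that ignores suffixes like co.uk."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def looks_like(a, b):
    """True when two domain names are nearly, but not exactly, the same spelling."""
    return a != b and SequenceMatcher(None, a, b).ratio() >= 0.85

def check_message(raw):
    msg, parser, findings = message_from_string(raw), LinkCollector(), []
    if URGENT.search(msg.get("Subject", "")):
        findings.append("urgent-subject")
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        target = site(href)
        # Only compare when the visible text itself looks like a host name.
        shown = site(text) if "." in text and " " not in text else ""
        if shown and shown != target:
            findings.append(f"text-href-mismatch:{shown}->{target}")
        if target not in TRUSTED and any(looks_like(target, t) for t in TRUSTED):
            findings.append(f"lookalike:{target}")
    return findings
```

Calling `check_message(SAMPLE)` returns all three findings for the constructed message; a message that links to the trusted domain with an ordinary subject returns an empty list.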
If your company is currently too busy to devote time to phishing protection, we can assist you. We can set up the mail management and filtering systems necessary to keep your company secure all year long.
We’d love to help!
Click here to schedule a free 15-minute meeting with Stan Kats, our Founder and Chief Technologist.
STG IT Consulting Group proudly provides IT Service in Greater Los Angeles and the surrounding areas for all of your IT needs.
We look forward to meeting with you!