As 2022 comes to a close, stress can be at an all-time high. This time of year, many have planned holiday vacation time, relatives may be coming in from out of town, or there may be end-of-year time crunches at work. Due to these stressors, we may become lax in our judgement when it comes to how we view security. However, we must be wary of scammers during the holiday season and not let our guard down. These conditions are the perfect storm for malicious actors. In 2021, the FBI and CISA saw an increase in highly impactful ransomware attacks occurring on holidays and weekends. We should not expect things to be any different at the end of this year either.
In October, Cybersecurity Awareness Month taught us the importance of safe practices such as the use of multifactor authentication, strong passwords, and VPNs. Even though that month has since passed, the holiday season is perhaps one of the most crucial times to keep those same practices at the forefront of our mind, along with other useful tips to keep ourselves safe. Let us consider a few of them.
Caution on Vacation
Many find themselves travelling during this time of the year. We may be very excited to finally get some time off after a very busy twelve months. However, never let yourself become too comfortable when letting people know that you’re away! One instance to be careful of is when posting on social media. If we were to post too much about going on holiday mentioning dates away, destinations, etc., we could run the risk of being targeted by a malicious actor. How so? They could pose as your hotel or airline by sending you convincing phishing emails. Or even worse, plan out when you will be away so as to gain access to your personal estate.
When on vacation, the last thing you want to worry about is work emails, right? You may set up “Out of Office” automatic replies to let people know you are not available, and to reach out to someone else. Though these may be useful, they may be more of a security risk if they are not worded properly. It is recommended that “Out of Office” replies should NOT include the following:
- Specific dates of your vacation (e.g., December 23-27)
- Corporate information you would normally include on a regular email (e.g., job title, company roles, chain of command details, etc.)
- Personal contact information such as a cell number
What would happen if an employee were to include all this information in their “out of office” automatic replies? A malicious actor could use this information to impersonate the employee while they are away! An attacker can easily find these types of automatic replies by means of mass phishing campaigns.
Deals and Promotions
This time of year also brings a surge of promotional scams. With the increase of malware related scams mentioned at the outset, it is important to be on guard when searching through our inbox. Scammers may include details about “jaw-dropping” holiday discounts to entice their victims. These may come in the form of phishing emails, text messages or advertisements while online shopping. Also, beware of fake in-app purchases or shared links on social media.
ALWAYS be wary of any links found in emails or text messages from unknown or unexpected senders. The link may have misspellings of a brand or have nontraditional characters embedded in it. If it is believed to lead to a reputable website, visit the site directly yourself instead of using the link. You can also try using free link checkers on the web to see if it is in fact malicious.
When deals seem too good to be true, it’s likely because they are. If you’re not sure whether an offer or deal is legitimate or not, always search and fact check first before taking any action. Always make sure you are shopping on the correct website as well. If you mistype a website by accident, there may be a scam website deliberately misspelled to catch accidental web traffic.
Beware of Delivery Scams! With the increased traffic of online shopping and package shipping, scammers are given another avenue to take advantage of. They may send out phishing emails and texts disguised as reputable companies like UPS, FedEx or Amazon. The message may claim to be a notification about incoming or missed deliveries. However, links attached to the phony messages may lead to sign-in pages asking for personal information or may be infested with malware.
Fake Charities
Scammers will exploit any possible situation and circumstance. They do not “play nice” or fair, regardless of what time of year it is. December is the most popular month for charitable giving. Scammers are aware of this and take advantage of it by creating fake charities, GoFundMe campaigns, and other charitable activities. These types of scams may also use current events, such as the war in Ukraine, to trigger an emotional response and click on a link.
In some cases, a charity may not be fake at all, however scammers can make a passable “lookalike” website to trick users. Because of this, always check the URL and charity name before donating. Be wary if a charity seems to be pressure you into a specific dollar amount, or if the details on how the money will be spent are vague. These may be signs of something nefarious taking place behind the scenes.
Securing Your Business
If you own or manage a business, what steps can you take to ensure that you and your employees navigate safely through the holiday season?
As mentioned previously, phishing emails are rampant throughout the holidays. Remind your employees to be extra careful about any emails promoting holiday offers and deals. Remind them of the added risk that comes with using a work computer for non-work-related activities such as online shopping or reading personal emails. This is especially the case for remote workers. Such actions put the security of a company at higher risk, more than the employee may realize.
With high stress and mental fatigue that comes with closing out a work year, it is important that no corners are cut when it comes to security infrastructure. This includes making sure all company software and applications are updated, scanned, and patched. Vulnerability assessments and testing are crucial all the time and should be no different even in the holiday season.
Implementing an Identity and Access Management (IAM) system will also help mitigate the chances of undetected cyber-attacks. It may be hard to keep tabs on all staff at once. During a time that mental fatigue may affect many, IAM systems will help manage your user access ecosystem.
Lastly, it may be very important to have on-call IT Security staff. With holiday breaks or general IT staff on vacation, there may be fewer eyes to attend to all systems and possible anomalies. Therefore, it would be worthwhile to have IT staff on call in the event a security incident occurs.
Moving Forward with Peace of Mind
We have learned about many ways scammers can take advantage of the holiday season to deceive their victims. We also considered ways to keep ourselves safe, whether we’re vacationing, online shopping from home, or looking after our company.
Of course, all these tips are not ONLY applicable to this time of year. In fact, they heighten our senses and can help us spot scammers well through the new year and the years to come. Only through learning about the tactic’s scammers use can we truly continue to improve our own personal security.
At Social Engineer LLC, our purpose is to bring education and awareness to all users of technology. For a detailed list of our services and how we can help you achieve your information/cybersecurity goals please visit:
https://www.Social-Engineer.com/Managed-Services/.
Images:
https://www.hippopx.com/en/banking-buy-computer-credit-card-keyboard-macbook-online-shopping-355474
https://unsplash.com/@frantic