It’s the most wonderful time of year … for cybercriminals. Why? Because it’s the easiest time for them to use phishing attacks to target busy holiday shoppers.
“Cyber Monday sales this year surged to new highs, with a record $7.9 billion spent online that day, an increase of 19.3 percent from a year ago,” according to CNBC, which featured data from Adobe Analytics. “That’s after Black Friday pulled in a record $6.22 billion in e-commerce sales, while sales online Thanksgiving Day totaled $3.7 billion.”
It’s no wonder retailers had another record-breaking year for online sales. Unfortunately, cybercriminals were just as successful. Over the nine-day Thanksgiving holiday shopping window (Nov. 19-27), SonicWall customers faced a 45 percent increase in phishing attacks compared to the average day in 2018. It’s a target-rich environment for cybercriminals to cash in, and the threat doesn’t end after Cyber Monday.
Don’t let phishers steal your holiday spirit. Thankfully, there are proven best practices to improve awareness so employees, consumers and businesses aren’t victimized by malware, ransomware or email threats like phishing attacks.
6 Phishing Attacks, Online Tricks & Holiday Scams to Avoid
Consumers are busy scouring the internet for the best deals whenever they get a few minutes at work, whether in the office or remote. But this presents risk to both employees and businesses. Review these six attacks and scams to be on the lookout for this holiday season.
- Spoofed Websites: It is estimated that 46,000 new phishing sites are created every day, many of which are propagated through email. According to the Anti-Phishing Working Group (APWG), about 35 percent of phishing attacks were hosted on websites that had HTTPS and SSL certificates, so looking for the lock icon is not enough anymore. Cybercriminals are getting savvier, hijacking the look and feel of popular brands and using spoofed domains with hard-to-catch spelling variations to steal information.
- Phishing Emails: It’s the holiday season, so employees are in festive moods, dreaming about vacation or distracted with online shopping. With the increase in the volume of phishing emails, it is easy to let your guard down and click on well-crafted phishing emails while trying to finish work before the holidays. Businesses should ensure they have a secure email solution implemented to mitigate email-based attacks.
- Gift Card Scams: Most major retailers offer gift cards that can be purchased electronically. This is truly a gift for cybercriminals, who lure victims into clicking on an email offering a free gift card from a major brand. In a targeted phishing attempt, the gift card may appear to be sent from someone familiar, like a friend or co-worker.
- Shipping Invoices: This type of phishing email seemingly comes from a popular shipping service, such as FedEx, UPS or the USPS. Cybercriminals use the shopping season opportunistically to send email with phishing links under the guise of tracking a package or downloading a shipping label. Similar shipping phishing emails can come from major retailers like Amazon or Walmart.
- Illegitimate Apps: Shoppers are taking to mobile apps to shop and the cybercriminals are taking notice. Lookalike apps and rogue apps crowd popular app stores and, once downloaded, prompt for credit card information, social media login credentials or permission to access data on your phone.
- Letters from Santa: Scammers send bogus emails promising to send your child a letter from Santa for a fee. Beware of clicking on such emails and providing payment information. Many, unfortunately, are scams that prey on unsuspecting parents.
Phishing Awareness for Employees, Businesses
Practicing simple awareness can keep employees and businesses safe from the majority of phishing-based cyberattacks. After all, criminals are counting on users to be too busy to take a few seconds to vet a deal, email or sale. Implement the following tips and best practices to ensure your holiday remains festive.
Tips for employees to enjoy shopping online safely:
- If the deal is too good to be true, then it probably is … don’t take the bait
- Stay away from suspicious websites promising coupon codes
- Hover over and scan URLs before clicking; malicious URLs are usually easy to spot (e.g., unknown domains, long string of numbers, etc.)
- Don’t provide personal information, such as passwords and credit card numbers, on unknown websites
- Use only reputable websites for online shopping
- Avoid using unsecured public Wi-Fi networks; if you must, use a virtual private network (VPN) to stay safe
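The "hover and scan" tip and the spoofed-domain warning above can be automated for a mail gateway or helpdesk triage queue. The following is an added example, not SonicWall code: the `TRUSTED` allowlist, the `triage` function and all sample links are constructed assumptions, and the last-two-labels domain rule is a simplification.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed allowlist (assumption): retailers and carriers named in the article.
TRUSTED = ("amazon.com", "walmart.com", "fedex.com", "ups.com", "usps.com")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(url: str) -> list[str]:
    """Return reasons to distrust a link; an empty list means an allowlisted domain.

    The scheme is ignored on purpose: HTTPS says nothing about who owns the site.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return ["ip-literal host"]
    except ValueError:
        pass
    labels = host.split(".")
    # Simplification: last two labels; production code should use the Public Suffix List.
    domain = ".".join(labels[-2:])
    if domain in TRUSTED:
        return []
    reasons = []
    for good in TRUSTED:
        brand = good.split(".")[0]
        if edit_distance(domain, good) <= 2:
            reasons.append(f"lookalike of {good}")  # small spelling variation
        elif brand in labels:
            reasons.append(f"brand '{brand}' used on untrusted domain")
    if re.search(r"\d{6,}", host):
        reasons.append("long digit string in host")
    return reasons or ["unknown domain"]

if __name__ == "__main__":
    # Constructed samples: reserved .example names and a TEST-NET address.
    for link in ("https://www.arnazon.com/deals", "http://192.0.2.15/giftcard",
                 "https://fedex.com.track-parcel.example/label"):
        print(link, "->", triage(link))
```

An edit-distance threshold of 2 will also flag some legitimate short domains, so treat the output as a reason to look closer rather than a verdict.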
Tips for organizations, businesses and enterprises to keep their employees safe:
- Refresh employee awareness and training programs to help them identify phishing emails
- Ensure endpoint devices are patched and updated
- Implement layered security with the following critical components:
  - A proven next-generation firewall with strong IPS and URL filtering at the edge provides the first layer of defense
  - An email security solution that goes beyond ensuring email hygiene and provides advanced capabilities, such as targeted phishing protection and sandboxing for attachments and URLs
  - A next-generation antivirus (NGAV) or endpoint protection platform (EPP) as the last line of defense to protect devices in cases where malware defeats previous security controls to compromise an endpoint. Look for unique capabilities, such as rollback, so data can be restored if required.
SonicWall automated, real-time breach detection and prevention solutions help organizations implement a layered security architecture for enterprises, SMBs, governments, retailers, healthcare organizations and more.
SonicWall President and CEO Bill Conner and CTO John Gmuender walk you through the current cyber threat landscape, explore the importance of automated real-time breach detection and prevention, and address how to mitigate today’s most modern cyberattacks.