Posts

Beware of Email Scams and Ransomware This Holiday Shopping Season

The 2016 Holiday shopping season is well underway, and we are poised for a record-setting year.

The National Retail Federation reports that over 154 million consumers shopped over the Thanksgiving weekend, up nearly 2% from 2015. A very telling statistic highlights the brick-and-mortar vs. online shopping trend: the survey found that 44% of shoppers went online, whereas 40% shopped in-store. And, the large concentration of retail commerce over the weekend was heavily influenced by which day it was. For those consumers that skipped the in-store crowds and opted to shop online,

  • 74% shopped on Black Friday (up 1.3% from 2015)
  • 49% on Saturday
  • 36% percent on Thanksgiving
  • 34% on Sunday

The mad rush to shop online these final weeks of the year is a financial boon to online retailers hoping to close a strong year – and to spammers and cybercriminals hoping to cash in as well with ransomware, phishing, and malware traps. Earlier this month our President and CEO, Bill Conner, wrote a blog with some great guidelines to protect yourself and your organization from emerging threats.

HOLIDAY RUSH
The holidays can be a frenzied time for anyone – whether it be last minute shopping, arranging or attending parties, or making last-minute travel plans. It’s equally busy at work, as you try to wrap up projects or complete financial planning, all before the holidays. The holidays are a time to sit back and relax, but only after necessities are taken care of – the calm after the storm. But if you’re not careful online, cyber-criminals are ready, and waiting.

OH, YOU BETTER WATCH OUT…
Employees and consumers can take a variety of precautions to protect their personal and corporate assets when shopping online. One of the simplest ways to protect yourself is to use separate work and personal email addresses for your online transactions. Avoid using the same email address for both work and personal items. Additionally, make sure your password is unique and difficult to guess – making things more difficult for cyber-criminals.

According to Google, an ever-increasing number of online shoppers used their smartphones to make purchases. And, this increased usage is accompanied by an increased online time – on Black Friday shoppers typically spent between 35 – 90 minutes visiting online electronics stores.

But in addition to online shopping, users continue sending and receiving emails at a record pace. According to the Radicati Group, the number of emails sent and received per day exceeds over 205 billion, and this volume is expected to reach over 246 billion by 2019. This confluence of accessing email or online shopping anytime, anywhere, is incredibly appealing. And corporations are now susceptible to an emerging threat: Ransomware attacks, where cybercriminals access confidential information, and extract payment to return this data. Even though ‘tis the season, you should still proceed with the utmost caution!

SEASON’S GREETINGS
Following are some recent trends and spam messages the SonicWALL Threat Research Team has identified this season:

  1. A personal letter from Santa to a loved one (phishing emails attempting soliciting your personal info) is the most common email threat detected this year.
    Phishing Email Scam
  2. Holiday deals from unknown sources, leading you to survey sites in hopes of getting you to divulge your personal info.
    Phishing Email Scam
  3. Year-end tasks including annual health-care enrollment, renewal of insurance, etc.
    Phishing Email Scam
  4. Gift cards are one of the fastest growing categories this year and we see similar growth in first card related spam and phishing emails.
    Phishing Email Scam

These examples are a small sample of what you might experience over the next few weeks. To help you this holiday online shopping season, below is a refresher on what you can do to not fall prey to these grinches:

  • Don’t click on URLs in emails [especially on Mobile devices] without checking its full path and understanding where it is leading to. This is especially important when connected to a public Wi-Fi. Staysafeonline.org has issued an infographic  on mobile security and elaborated this topic further.
  • Don’t download any plug-ins from the email link itself. Go to the vendor’s (Adobe, Microsoft etc.,) website to download plug-ins
  • Be wary of enticing online offers – especially if you’ve never heard of the business
  • Last minute upgrade requests from IT – upgrades are usually done with advance notice and communication

To test your knowledge, take this quick SonicWall Phishing IQ Test and avoid the holiday blues!

Take Control of Your Network During the Holiday Shopping Season

It’s the holiday season and that means we’re all busy with fun activities. Take online shopping for example. Many of us will do it between Black Friday and New Year’s, even for just a little while. Some of us do it at work. When employees spend time shopping online during work hours it presents challenges for any organization. Perhaps the three biggest challenges are network security, employee productivity and bandwidth consumption.

How popular is online shopping? Last year, data from the National Retail Federation (NRF) revealed that retail holiday buying increased 4.1% to just over $600 billion. Much of that shopping was done online. This year the NRF is forecasting retail sales of $630 billion, up 3.7% over 2014. According to an NRF survey almost half of all holiday shopping, whether it’s making a purchase or merely browsing, will again be done online this year. Let’s take a look at the impact this has on organizations and the steps you can take to overcome the challenges online shopping poses.

Network security

  • Malware – Employees who shop online at work inadvertently create opportunities for malicious attacks directed at your network and your organization. The most common threats are viruses, worms, Trojans and spyware.
  • Phishing – Phishing is an email fraud method in which the perpetrator sends out a legitimate-looking email in an attempt to gather personal and financial information from unsuspecting recipients.
  • Malicious advertising – Commonly referred to as “malvertising,” this threat uses online advertising to spread malware which can then capture information such as credit card and social security numbers from infected machines.

Employee productivity

  • The big drain – With workers bringing their own smartphones and tablets into the office, we’re seeing an increased blurring of the line between work life and personal life as employees exercise more freedom to use these devices for personal activities such as online shopping during work hours. When they’re shopping on company time it means they’re not working so their productivity has decreased.

Bandwidth consumption

  • Disappearing bandwidth – With about half of your employees shopping online during the holidays, the bandwidth available to critical applications on your network is going to disappear. Therefore, it’s critical to prevent vital bandwidth from being consumed by non-productive web use.

While you can’t completely eliminate threats to your network, drops in productivity and misuse of valuable bandwidth, there are measures you can take that are well within the reach of your organization simply by practicing good digital hygiene. Here are five things your organization can do to reduce the risks of a successful attack while maintaining productivity levels and conserving bandwidth.

  1. Help employees learn how to avoid malvertising and recognize phishing emails. Be on the lookout for suspicious emails and links, especially those requesting sensitive information.
  2. Educate employees to use different passwords for every account. Establish policies for strong passwords such as guidelines regarding password length, the use of special characters and periodic expiration, and reduce the number of passwords through single sign-on.
  3. Because many attacks are based on known vulnerabilities in browsers including Internet Explorer, as well as in plug-ins and common apps, it’s critical to apply updates and patches promptly and reliably. They will contain fixes that can block exploits.
  4. Make sure you install an intrusion prevention system and gateway anti-malware technology on your network. They add important layers of protection by blocking Trojans, viruses, and other malware before they reach the company network. They can also detect and block communications between malware inside the network and the cybercriminal’s server on the outside.
  5. Take back control of your network by limiting the use of your bandwidth to business-related activities. There are several technologies available such as content and URL filtering that can be used to prevent employees from visiting websites dedicated to shopping and other non-productive topics. Also, application control provides the tools to restrict the use of applications such as social media to employees who have a business reason to use them.

SonicWall offers a complete range industry-leading next-generation firewalls that secure your network from threats and give you the controls to keep employee productivity high and bandwidth focused on business-critical applications. To learn more about how these solutions can help you during the holiday shopping season and beyond, please visit our website.