Phishing the unwanted present this Christmas

In the run-up to Christmas, our online activity increases as we buy more of our seasonal gifts online. As hard-pressed retailers scale up the pace of their online promotions, particularly around Black Friday and Cyber Monday, we may frantically want to take advantage of attractive offers. But beware, the more online transactions we carry out, the greater the risk of cyber fraud. 

Phishing attempts are a constant threat any time of year with fraudsters increasingly trying to tease out the logon information that we use for a variety of services and suppliers. During the Christmas season, there’s a noticeable increase in cyber attacks, due partly to the number of people using online services to purchase Christmas gifts.  In the frenzy of ordering presents and receiving acknowledgement emails for orders, it’s easy to be distracted and miss something by mistake.

It’s easy enough to re-set your Amazon password after being prompted or log into your eBay account to check your order after receiving an email. What if that prompt email was a fake?

How do you guard against phishing?

Now is a good time to remind staff and colleagues to be on their guard against phoney emails, as it’s more likely they will be ordering goods from various online stores and merchants. You have to accept that it’s likely that over the next few weeks, your staff will use their work computer to place Black Friday orders and buy Christmas items online. Even if they don’t use their business email, hackers could obtain their work contact details via the IP address. You therefore have to make sure that everyone is vigilant and aware of security measures that need to be adopted to guard against cyber breaches and fraud.

The phishing example below was sent to a client not long after making a purchase on Amazon.

Real-life phishing attempt

It would have been a simple mistake for our client to have clicked the link, but as they have been actively encouraged to check emails, they spotted that the sender’s address on the email was not as expected.

You need to communicate to your entire team that phishing attempts will increase over the next few weeks. You should provide some refresher training and advice on what they should be looking out for to identify a phishing email. The tips below might be helpful in jogging their memories:

Make sure your staff take on board the need to be vigilant in relation to external emails. Emphasise that if they aren’t sure about an email at any time, they should always ask for advice from your IT department or outsourced IT partner. Your IT experts should be able to answer any questions or queries staff may have and help reduce the risk of a hack.

For more information and advice on cyber security, contact us