Stay Safe from Phishing Attacks and Online Scams this Holiday Season

Stay Safe from Phishing Attacks and Online Scams this Holiday Season

If you are reading this post, it means you were not given the Mufasa treatment while trying to take home that 65" LED flat-screen earlier this morning. Yes, leaving in its wake ransacked shelves and obstacle courses of discarded items, Black Friday is officially here, marking the beginning of the holiday shopping insanity.

This time of year is a feeding frenzy for hackers and cybercriminals hungry to exploit the large volume of E-commerce purchases. With online shopping season in full swing, are you practicing safe online habits? A new infographic by ZeroFOX depicts that 64% of organizations report an increase in cybercrime during the holiday season, and phishing links go up as much as 336% after Thanksgiving. 

What scams should you be on the lookout for over the next month?

First, let's look at the tactics successful cybercriminals employ when casting their reels...

What are Different Phishing Techniques Used by Attackers?

The scope of phishing attacks is constantly expanding, but frequent offenders tend to:

• Embed a link in an email that redirects the user to an unsecured website that requests sensitive information
• Install a Trojan via a malicious email attachment or ad which will allow the intruder to exploit loopholes and obtain sensitive information
• Spoof the sender address in an email to appear as a reputable source and request sensitive information
• Attempt to obtain company information over the phone by impersonating a known company vendor or IT department

How Can You Avoid Phishing Attacks?

1. Don't reveal personal or financial information in an email.

Furthermore, make sure not to respond to email solicitations for this information. This includes clicking on links sent in these emails. If you are unsure call the entity or access their website directly and not through the link in the email. Banks and other financial institutions will NEVER request sensitive data via email. 

2. Before sending sensitive information over the Internet, check the security of the website.

Are they practicing safe browsing habits? Check for the encrypted lock icon in your browser to ensure the site is secure. 

3. Pay attention to the website's URL.

Not all emails or email links seem phishy, and you may be lured into a false sense of security. Many malicious websites fool end users by mimicking legitimate websites. One way to sniff this out is to look at the URL (if it's not hidden behind non-descript text). You may be able to detect and evade the scheme by finding variation in spellings or a different domain (e.g., .com versus .net).

4. Verify suspicious email requests by contacting the company they're believed to be from directly.

If say you receive an email from Wells Fargo that seems to be off, reach out to the bank with their inquiry. Contact the company using information provided on an account statement or via their actual website, NOT information provided in the email. 

5. Keep a clean machine. 

Having the latest operating system, software, web browsers, antivirus protection and apps are the best defenses against viruses, malware, and other online threats. Our nology networks Business Care service does just that to keep your machines protected from many threats. 

Email phishing is a 24x7x365 security concern you must be knowledgeable of, but with today kicking off the holiday shopping season, be prepared for an influx of malicious activity.  

How Can I Stay Safe With Online Holiday Shopping?

Scammers can be lurking with bogus websites and fake emails to steal victims' money and identities. As such:

1. Be wary of emails with enticing sales. 

As we covered above, following links from phony e-mail is one of the oldest methods for perpetrating any online scam. This holiday season, attackers will attempt to fool clients with messages teasing unbeatable sales at known sites, like Best Buy and Amazon. Make sure your end users don't click these links. Instead, open your Web browser, enter the URL to the site offering these discounts and search for these "steals of a deal" manually. If they can't find the amazing offer, it's likely a scam.

2. Shop only on websites they know and trust.

With many retailers offering deep discounts, sometimes as much as 50 percent, it may be tough to figure out which deals are too good to be true.

3. Secure your purchases.

You should only enter credit card details on web pages that use SSL (secure sockets layer) security. To determine this, check to see that the URL for the page begins with "https://" and not "http://." That "s" lets you know the site is secure. Most browsers will also show a lock icon in the lower right corner of the browser window to let you know you're on a secure site.

4. Pay with credit cards only. 

If you can pay for online purchases with a credit card as opposed to a wire transfer or other non-plastic payment method. Federal laws let you dispute an item on your credit card bill if you don't receive your purchase, and many credit card providers also have "zero liability" policies meaning you're off the hook if a bad guy gets your credit card and starts using it.

5. Use different passwords across multiple sites. 

Attackers will use the same user name/email and password combinations harvested in an attack across multiple sites. These cybercriminals freely trade this information and have the time and resources to try the combinations against multiple sites.

6. Create a "throw away email account."

All of the major email services like Gmail and Yahoo allow you to create free email accounts. Consider creating an email account just for this year's shopping and stop using it after the holidays. Furthermore, use this email address as your user name for all online transactions that require one. This will reduce SPAM in your primary email accounts, and help keep attackers from gaining access and obtaining sensitive data shared there.

Need help understanding the state of cybercrime or how to protect yourself and your business? Contact nology (Minneapolis / St. Paul IT Support and Consulting) today for a free network security assessment and report.

Happy Holidays!