For those who celebrate, it’s that time of year again — a time for decorations, eating food that you normally wouldn’t, and of course, maxing out credit cards on holiday shopping for gifts or the aforementioned expenditures. But with many of us doing both our shopping and our working from home this year due to COVID-19, the environment in 2020 poses an even greater risk to cybersecurity.
This year, it’s not just individuals who need to keep an eye on their wallets and protect themselves from scammers and thieves. Businesses and organizations of all sizes need to be aware of holiday phishing scams and how they pose a risk to your entire company.
(Working From) Home for the Holidays
In an office, it would be relatively simple to check if a colleague had sent a request for a business bank transfer by walking over and asking if they’d sent the message. But with people working from home, making those checks isn’t so simple. Remote workers are more susceptible to impersonation attacks that encourage individuals to perform an action such as carrying out a wire transfer or sharing sensitive data. Throw in holiday-related scams, such as company charity drives, donations, corporate gift giving, etc., and you can easily find yourself in a situation where you no longer know what’s real and what you can trust.
During this holiday season, be extra aware of communications from company leadership regarding things like holiday policies, bonuses or anything out of the ordinary. Verify the sender’s email and contact your manager directly. For anything suspicious, talk to HR or IT security.
‘Tis the Season for Phone Scams
During the holiday season, there may be more calls purportedly made from “charities” soliciting donations (people are more inclined to give around this time) or “companies” claiming they need more information (like credit card data) in order to resolve issues with product orders or package deliveries of important gifts being sent to loved ones. What’s more, they can claim they’re calling on behalf of your own organization that you yourself work for. This form of social engineering is a popular way of getting you to leak sensitive company information and can lead to a very costly data breach for your enterprise. When in doubt, always contact your organization yourself to verify the legitimacy of the call.
“Wait. Did I order that?”
With so many people doing most or all of their holiday shopping online, there is a noticeable increase in the number of invoices, receipts and order confirmations popping up in everyone’s inboxes. Normally, an unexpected message from Amazon would raise a red flag, but this time of year many users would open the attached PDF without a second thought. Much like phony invoices, fake shipping notifications and updates are finding their way into unsuspecting users’ inboxes. This particular phishing method can often be more effective, as it relies not on a fake purchase, but on making the user worry that there is a problem with a purchase they know they’ve made. A notice from UPS letting you know your package is delayed is bound to get a click-through from a user who is, in fact, expecting a delivery via UPS.
All it takes is one mistake from one person to compromise the security of an entire organization. With the combination of the holiday season and working from home, the likelihood of that happening increases exponentially. It’s important that everyone is made aware of this, and that a plan is put in place for when — not if — it eventually happens.
Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!
