We know and you also know that the holidays are an awesome time for everyone, including cybercriminals. It's when people are lowering their guard, thinking about the year that is about to end, receiving emails with discounts and promotions, and also preparing for shopping.
Inside the companies, the scene repeats itself. Employees are finalizing the last obligations of the year and receiving various emails with requests, offers, gift cards and thank you messages. And it’s precisely at these festive times of the year that the volume of phishing and spear phishing email increases.
How to prevent email scams in the holidays
Every year we hear of companies and people who fall into email frauds during the holiday season. What we say here at Gatefy is that there isn’t such a thing as a best time of the year to protect yourself. You need to be protected year-round no matter what. This means that your business also needs to be protected all the time.
Here we have a list to help you avoid email scams during the holiday season.
1. Gift cards scams
To get started, beware of free gift card emails. Most of the time, this is a phishing scam to get sensitive information. Now think of another typical example of gift card scam: an employee receives a request from a director to buy gifts cards for business reasons.
The employee buys the gifts cards but doesn't realize that the message didn't come from the director. He was lured and deceived by a cybercriminal who compromised and spoofed the director's email and impersonated him. This is a BEC scam (Business Email Compromise), a type of spear phishing.
2. Spoofed websites
Thousands of phishing sites are created daily. They are replicas almost identical to the original ones. Then the hackers use email campaigns (or phishing) and social networks to spread them. So beware of fake domains. Just to give you a real example: www.ray-ban.com isn't the same as www.rb6.us.
When it comes to companies, a fraudster can create a fake website of a partner and send an email to an employee requesting him to update the company's data and the payment information.
3. Shipping scams
This is another popular type of phishing attack. Criminals use the name of well-known companies, such as UPS, FedEX, Walmart and Amazon, to apply scams in the shopping and shipping season. In general, they send an email with a malicious URL or attachment under the pretext that the victim needs to update a delivery information, needs to download a shipping label or even track a package. The result is a data breach, a malware infection or both.
4. Awareness training
We've been talking a lot about security awareness. It's critical to keep your business protected. Most cyberattacks begin with human error. That said, gift cards scams, spoofed websites and shipping scams will only succeed if someone falls into the fraud. So train your team to recognize the main characteristics of threats.
Besides that, you should look for an email protection solution. As we say, it's always good to be prepared and protected. Year-round, of course!