Holidays have gotten a lot more convenient than they used to be. Gone are the days when we had to rush the mall on Black Friday, loading our down-jacketed arms with bags and boxes, rushing to snag the last WalkMan from the shelf at RadioShack. Now, we can do our shopping from the comfort of our desk chairs, our beds, the line for Eggnog lattes at the coffee shop. Holiday shopping is a lot easier than it used to be—but it’s also a lot less safe. We might feel secure, sitting all alone in our PJs shopping for vintage records online, but we could actually be moments away from falling victim to the latest phishing scam.
As you might already be aware, phishing has earned its place as one of the most popular scams of 2017. From the Google Docs phish to the recent banking trojans infiltrating systems via spam emails, phishing emails have been both frequent and effective. Not only do they keep popping up, we keep clicking on them—creating a vicious cycle in which hackers continue to move through phishing attacks because we continue to fall for them. Unfortunately, this cycle only gets worse around the holidays. According to data from Kaspersky Labs, phishing attacks increase during the holiday season, as web traffic spikes and more transactions take place online. The hustle and bustle of the holiday season makes a phishing email promising a killer deal—only a convenient click away—all the more enticing. It’s no wonder that more infected links get clicked this time of year than any other.
But the fact that the trend is understandable doesn’t make it any less dangerous. Clicking on infected links or pop-ups can put your personal data and financial information at risk, and perhaps even jeopardize your identity. And because scammers have become increasingly skilled at covering their tracks, you may not even realize you’ve been compromised until it’s too late. Rather than a having a restful and stress-free holiday, you could be looking at a nightmarish scramble to track down unusual expenses, cancel credit cards, and perhaps even re-establish your stolen identity due to the latest phishing scam. And all because of something as seemingly inconsequential as clicking a link in an email.
But this can all be avoided with a little bit of phishing awareness. Being on the lookout for these kinds of scams and knowing how to deal with them significantly lowers your risk of being phished. Here’s what you need to know:
Think before you click. If you receive an email offering a deal or asking you to follow a link to shop, STOP. Even if it appears to be coming from a legitimate vendor, take a minute to stop and take a closer look.
Know the warning signs of a scam email. Is the sender’s email address a little bit off (think waalmart.com or targett-deals.net)? Does the email contain spelling or grammar mistakes, or odd syntax? And remember: just because an email contains the logos and colors of a particular brand does NOT mean that it is legitimate.
When in doubt, go straight to a vendor’s known URL to check on the legitimacy of a deal. If SweaterDeals promises 75% all sweaters, and asks you to click through to see the merchandise, delete the email, go to your web browser, and type in sweaterdeals.com yourself to confirm the deal.
Remember that if a deal seems too good to be true, it probably is: if an email promises you a flatscreen TV 90% off if you click a link, then the resulting malware might just be what you get for being so gullible.
Above all else, remember the golden rule of web safety: better safe than sorry. Nothing is worth loss of financial data or identity. Nothing. If an email seems at all off, delete it. There are enough legitimately good deals on the internet–we don’t need to mess with the latest phishing scam.
Lastly, keep in mind that safe security practices don’t begin and end with holiday shopping, nor do web scams begin and end with phishing emails. Unfortunately, there are thousands of hackers out there using various sophisticated methods to steal money, data, and identities on a daily basis. Almost anything on the web can be manipulated to hurt you. The surest way to avoid getting scammed or cheated is to stay informed: keep track of the latest hacks (follow the GLS blog to get our take on new scams as they unfold), and stay educated about how to secure yourself and your systems against new breaches.
What Can You Do?
GLS knows that your employees’ cybersecurity awareness should not stop when they leave the office at the end of a workday. The principles they learn as part of their training at work should be extended to protecting personal data so that good habits are practiced 24×7 to reinforce positive behaviors and prevent phishing attempts.
As part of our Human Firewall 2.0 program, Global Learning Systems offers courses for prevention of online phishing scams in: