Retailers aren't the only ones who will profit this holiday season. Share these critical steps with your employees. Work and personal inboxes are flooded this time of year with enticing holiday shopping deals potentially using social engineering tactics that put your company at risk. The Holiday season is the biggest shopping season – and also the largest and most profitable phishing season for cybercriminals.
From online shopping to package delivery notifications to flight updates, discover how to protect yourself and your company from cybercrime this holiday season.
Now is the time to take steps to secure your information online and keep a vigilant eye on your email, especially since the boundaries of expected emails broadens with online shopping, flight updates, package delivery notifications, and other items leading up to the holidays.
Below are practical tips to help keep yourself, your organization’s systems, networks, data and your supply chain, safe this holiday season and throughout the year.
Issue: Restrict Access to Your Accounts
Solution: Use Multi-Factor Authentication (MFA). MFA is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are, and it’s a necessary step in maintaining your online account security.
Issue: Avoid clicking links in email
Solution: Log into your account at the website without using any information from the email.
Issue: If you must click a link in an email…
Solution: First - hover over links with your mouse and check the URL. If the URL doesn’t match what you’re expecting, don’t click it! Be especially cautious of things that are almost what you’d expect, like words that use homoglyphs or website URLs like orders-amazon.com instead of amazon.com – this is a favorite trick of scammers!
Issue: Why can't I use my work email address for personal use like shopping, signing up for newsletters or making hotel reservations not related to business travel, etc.?
Solution: Only use your work email for work-related items. Remember – your work email is company property! Using your work email address for personal things raises the chances that your company could be the victim of a data breach. It's not worth the risk.
Issue: Receiving emails that you weren’t expecting.
Solution: Apply an extra degree of scrutiny and caution to them. When in doubt, don’t click! Log into your online account through their website and contact the individual in question through other means (in person or via phone call) to confirm the legitimacy of the email.
Issue: If something sounds too good to be true, it probably is.
Solution: Avoid clicking email or message links! If you receive emails or text/SMS messages offering free gift cards or services, be extra suspicious and don’t click! there should be a code in the email or message that you can redeem on the website of the gift card provider. To find that company’s website or place to redeem the voucher, use your favorite reputable and trusted search engine…but don’t click on the sponsored links or advertisements! If the code doesn’t work, call customer service for the company instead of replying to the email.
Issue: Watch out for fake order receipts!
Solution: Don’t click on links! Cybercriminals know that everyone is busy with holiday shopping and defenses are lowered, making it the perfect environment to send false order receipts with malicious code to wreak havoc on your holiday cheer. Be extra cautious of order receipts with a link to “check the status of the order” or “cancel this order”. Those links may be designed to take you to a website that could try to steal your credentials or install malware on your computer. Take the extra step and log into the company’s website to check on the status of orders and view your order receipts.
Issue: UPS, FedEx, and USPS delivery notifications. Be very cautious!
Solution: Log into the service you ordered the goods from directly – your tracking number (and usually a safe and clean link to the tracking details) should be on your order at the service. Cybercriminals have been using this ploy for years to get people to divulge passwords or install malware.
Issue: Someone is requesting a financial action such as gift card purchases, wire transfers, banking info, or changing a direct deposit account via email.
Solution: Call them using a phone number not listed in the email to verify that they’re actually requesting this of you.
Issue: Bank and credit card accounts.
Solution: Watch accounts closely and daily. Phishing, skimming, data breaches, public wi-fi networks, and even the physical garbage you dispose of can give hackers access to your accounts. Keep a close eye on your accounts and respond to discrepancies quickly. This is the time of year when many retailers encounter data breaches where your financial information is compromised.
Issue: Is this email legitimate?
Solution: If you’re ever unsure, check with your IT services provider to have them check questionable emails for you. Report suspicions or accidental clicks right away. Don’t be embarrassed! The small delay of having the skilled eyes of an IT professional check is better than the hours of downtime and damage of being victimized by the malicious cybercriminals out there!
Happy holidays and stay cyber-safe.