The holiday season is the biggest shopping season – and also the largest and most profitable phishing season for cybercriminals.
Now is the time to take steps to secure your information online and keep a vigilant eye on your email, especially since the range of emails you expect to receive broadens with online shopping, flight updates, package delivery notifications, and other items leading up to the holidays.
Here are some tips to help keep yourself (and your organization’s systems, networks, and data) safe this holiday season… and if you want to be a real cybersecurity hero, keep these tips in mind all year round!
Issue: Avoid clicking links in email
Solution: Log into your account at the website without using any information from the email.
Issue: If you must click a link in an email…
Solution: Hover over it with your mouse and check the URL. If it doesn’t match what you’re expecting, don’t click it! Be especially cautious of things that are almost what you’d expect, like orders-amazon.com instead of amazon.com – this is a favorite trick of scammers!
Issue: Don’t use your work email address for personal use like shopping, signing up for newsletters or making hotel reservations not related to business travel, etc.
Solution: Only use your work email for work-related items. Remember – your work email is company property!
Issue: Receiving emails that you weren’t expecting.
Solution: Apply an extra degree of scrutiny and caution to them. When in doubt, don’t click! Log into your online account through their website and contact the individual in question through other means (in person or via phone call) to confirm the legitimacy of the email.
Issue: If something sounds too good to be true, it probably is.
Solution: Avoid clicking email or message links! If you receive emails or text/SMS messages offering free gift cards or services, be extra suspicious and don’t click! There should be a code in the email or message that you can redeem on the website of the gift card provider. To find that company’s website or place to redeem the voucher, use your favorite reputable and trusted search engine… but don’t click on the sponsored links or advertisements! If the code doesn’t work, call customer service for the company instead of replying to the email.
Issue: Watch out for fake order receipts!
Solution: Don’t click on links! Cybercriminals know that everyone is busy with holiday shopping and defenses are lowered, making it the perfect environment to send false order receipts with malicious code to wreak havoc on your holiday cheer. Be extra cautious of order receipts with a link to “check the status of the order” or “cancel this order”. Those links may be designed to take you to a website that could try to steal your credentials or install malware on your computer. Take the extra step and log into the company’s website to check on the status of orders and view your order receipts.
Issue: UPS, FedEx, and USPS delivery notifications. Be very cautious!
Solution: Log into the service you ordered the goods from directly – your tracking number (and usually a safe and clean link to the tracking details) should be on your order at the service. Cybercriminals have been using this ploy for years to get people to divulge passwords or install malware.
Issue: Someone is requesting a financial action such as gift card purchases, wire transfers, banking info, or changing a direct deposit account via email.
Solution: Call them using a phone number not listed in the email to verify that they’re actually requesting this of you.
Issue: Bank and credit card accounts.
Solution: Check your accounts closely every day. There’s been a lot of e-skimming going on this year, with attackers deploying malicious code on e-commerce sites to steal credit card information from unsuspecting customers. www.macys.com was recently victimized by this type of attack in October, so it isn’t just the small online outlets you have to worry about.
Issue: Unsure of email; waiting to report suspicions; not reporting accidental clicks on malicious links.
Solution: If you’re ever unsure, check with your IT services provider to have them check questionable emails for you. Report suspicions or accidental clicks right away. Don’t be embarrassed! The small delay of having the skilled eyes of an IT professional check is better than the hours of downtime and damage of being victimized by the malicious cybercriminals out there!
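The hover-and-check tip above, written out as a rule a mail filter or help desk could apply. This is an added example, not part of the original article; the function name `check_link`, the `EXPECTED_DOMAINS` list and the example.net/example.org links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample list: the domains this reader actually shops with.
EXPECTED_DOMAINS = {"amazon.com"}


def check_link(url, expected=EXPECTED_DOMAINS):
    """Return (ok, reason) for the host a browser would really connect to."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "malformed URL"
    if not host:
        return False, "no hostname (missing scheme or malformed link)"
    for domain in expected:
        # Exact match, or a true subdomain: the label boundary must be a dot.
        if host == domain or host.endswith("." + domain):
            return True, f"{host} belongs to {domain}"
    for domain in expected:
        # The brand name appears in the host but the host is not the brand's.
        if domain in host or domain.split(".")[0] in host:
            return False, f"{host} only looks like {domain}"
    return False, f"{host} is not an expected domain"


# Constructed sample links; orders-amazon.com is the lookalike from the tip.
SAMPLES = [
    "https://www.amazon.com/your-orders",
    "https://orders-amazon.com/track",
    "https://amazon.com.example.net/signin",   # real name used as a subdomain
    "https://amazon.com@example.net/signin",   # real name before an @ sign
    "https://example.org/gift-card",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link)
        print(f"{'OK    ' if ok else 'REJECT'} {link}  ({reason})")
```

The point to take away is that only the end of the hostname counts: a hyphen, a prefix, or text before an `@` does not make a link belong to the company named in it.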
Happy holidays and stay cyber-safe.