Holiday Phishing Attacks

Adrien Gendre

December 21, 2016

3 min

It’s the most wonderful time of the year, especially for cybercriminals who utilize the holiday season as a stage for a variety of phishing attacks. With everyone receiving tons of emails daily, cybercriminals can easily sneak into your inbox. Up to 80% of people fall for the holiday scams which make it to their inbox, resulting in devastating consequences. Unfortunately, this issue is only predicted to get worse, with a recent study expecting a 43% increase in online fraud attempts during peak holiday season.

surprised santa claus get message on laptop computer. on the red background

80% of people fall for phishing scams which make it to their inbox.

Yes, Holiday Scams ARE Your Problem

Think that holiday scams aren’t your problem because your organization isn’t retail? Think again. Your employees will be both shopping and falling for retail scams on your corporate network and machines… which means that your network is at risk if those phishing emails make it through your email filters.

Malicious attachments expose your network to malware, key-loggers, and ransomware… while successful retail credential theft could expose your network since most users repeat passwords across multiple personal and professional accounts.

Common Holiday Phishing Attacks

Everyone’s favorite season provides an ideal ground for cybercriminals to target unsuspecting individuals with holiday phishing attacks. These types of scams have become so rampant that the United States Computer Readiness Team (US-CERT) has issued an alert on this year’s holiday phishing scams and malware campaigns.

Fake Sales and Advertisements

If a deal seems too good to be true, it probably is. Unfamiliar websites with discounted brand name items or amazing travel discounts should be a major red flag for possible phishing attacks. These amazing deals entice victims into “purchasing” red-hot deals. The reality is that the scammers charge their cards, never deliver the goods, and then sell the credit card information on the black market as an added insult to injury. Worse, they might even get a handy user name/password combo to try out on your corporate network.

If discounts on brand name items or travel tickets sound too good to be true, it probably is.

Purchase Verifications

Cybercriminals know that many people use their credit cards regularly during the holiday season so they may not think about all the places they are spending money. This makes it easy for hackers to send counterfeit emails that appear to come from credit card companies or major retailers, asking that a “suspicious purchase,” get validated. Unfortunately, these emails usually lead victims to a fake login screen. This allows the hackers to steal banking or retailer login credentials with which they can wreak all kinds of havoc.

Cybercriminals steal credit card information by asking recipients to “login” to counterfeit webpages in order to “verify suspicious charges”

Shipping Information

Not only do cybercriminals send fake deals to entice victims into purchasing items that will never arrive, but they also send fake invoices and shipping updates of items that were never purchased. Cybercriminals send malware or ransomware hidden inside .pdf files or word docs made to look like shipping or purchasing invoices. These attachments will slip right through standard email security filters and can quickly own a single user’s laptop… or your entire network.

Malware can be delivered through attachments that look like purchase or shipping invoices.

Fake Charities

As sad as it may seem, cybercriminals take advantage of the giving spirit during this season as well. They send emails asking for donations from real or fake charities that in either case lead victims to fake websites. Money and credit cards details are stolen… a theft that often goes unnoticed as the processing charge may look legitimate.

Pay attention to website URLs to ensure you are going to the expected website, and not getting re-directed to a malicious site.

Defend Against the Cyber-Grinch – Get Advanced Email Protection.

Although you should be wary of phishing attacks all year long, the holidays provide an especially easy way into the computers and accounts of unsuspecting victims everywhere (including your employees). Your entire organization could easily become compromised from one employee opening a phishing email while connected to your network.

It can be hard to recognize a well-crafted phishing attack—even for an IT professional. Standard email security filters rely on blacklisting sender domains, phishing URLs, and malware signatures… they can’t keep up either. That’s why Vade Secure powers its next generation email security with big-data based artificial intelligence. Vade Secure sifts through hundreds of subtle factors to identify even the most sophisticated spear phishing and zero-day attacks and keep them from reaching your employees’ in-boxes.

Your employees can leave your network vulnerable to attack by unknowingly falling for phishing emails.

Tired of worrying about holiday phishing attacks?

Contact us today to address your personal needs.