Cookies, Presents and Identity Theft?

How to survive the season of phishing attacks

Cookies, presents, full parking lots and the endless stream marketing emails selling you the best deal. It’s those little things that make the holiday season what it is.  What isn’t in the holiday spirit are hackers and phishing campaigns stealing personal and financial information.  No one is asking to be a victim of identity theft for Christmas.

In efforts to get presents under the tree, inboxes are bombarded with nonstop emails.  Think about your inbox right now.  It’s probably full of sales emails (Last chance for 30% off!!!!!!), order confirmations and shipping confirmations. The issue becomes that hackers don’t retreat for the holiday season.  In fact, with online sales making records, it’s prime real-estate for personal and payment information.  So, with that, phishing and social engineering attacks easily get mixed into the avalanche of emails waiting for unsuspecting users to click on malicious links.

Although asking nicely for hackers to stop won’t work, we can generate awareness and educate ourselves on how to better identify attacks.  We’re all familiar with breaches and common tactics, however, in the moment of going through hundreds of unread emails it’s easy to get tricked in the moment.

There are a few action items to be proactive against attacks.

Due to the evolution of attacks and security, typical training courses aren’t as effective as they once were.  The concept of walking through a static training course doesn’t match the evolving tactics and skillset of attackers today.  KnowBe4’s vetted training combines baseline testing, training, and simulated attacks to ensure a comprehensive course.

Training and awareness in combination with email protection tools, like Proofpoint, can safeguard against attacks.  From malware to threats such as imposter email or business email compromise, filtering controls allows for quarantining of unwanted email.  This way you don’t have to worry about threats even reaching your inbox.

Being proactive doesn’t have to wait for implementation of those tools.  In the meantime, here’s our PSA on what to be on the lookout for:

  • Email addresses.  It can be as small as a missing or additional letter or a different domain. Also, be sure to connect the name with the email address.
  • Links.  Check the URL to confirm legitimacy by hovering over the link.
  • Attachments.  Hackers are known to hide malware and viruses in attachments.  Be cautious opening any attachment.

And if you always remember to double and triple check everything, then hackers will strike out on deceiving you this holiday season! (But if you do find yourself a victim of identity theft, here are some tips.)