We wanted to share these timely security tips from KnowBe4, the company that powers our 1-Guard Plus Increased Awareness module by delivering fake phishing campaigns and training to our clients’ employees. Remember that employees – and their awareness (or lack thereof) – are the weakest link into your network. Since every tip and reminder helps, we recommend that you share the tips below with everyone in your organization.
It may be the most wonderful time of the year, but the bad guys have plenty of surprise “gifts” all wrapped for you. To avoid opening an unexpected present, I’d like to discuss some of the most common holiday scams you should be aware of so you can protect yourself and your organization from a cyber attack.
Below are four major scams to watch out for this month, and how you can defend yourself against them:
Online Shopping Deals
Did you forget to get a present for Aunt Cheryl? The bad guys will be faking lots of holiday deals for desperate, last-minute shoppers. These might appear in your email inbox or through advertisements on social media and popular websites.
- Don’t click on ads or emails for deals that are too good to be true.
- Make purchases at your favorite online store by navigating directly to the site using your browser or using an official mobile app for the online store on your phone.
- Only shop from popular shopping websites that you know and trust. A lot of fake shopping websites pop up around the holiday season, with enticingly low prices. Don’t fall for it!
Charity or Donation Requests
2021 was a difficult year for many, and legitimate charities and non-profits need your assistance. Unfortunately, the bad guys will take advantage of this by pretending to be charitable organizations. They will email you – or even call you – asking you for a credit card number to use for “donations.” Don’t fall for it!
- As a rule, never give your credit card information over the phone to anyone who calls you unexpectedly.
- If you receive an email from a charity or non-profit asking for donations, review the links, the sender address, and other components of the email to make sure the email is legitimate.
- If you want to donate, go directly to the charity or non-profit’s official website and look for ways to donate through their site.
Delivery or Shipment Notifications
Don’t get excited about an unexpected delivery notification. You may think you’ve received a surprise gift or finally got that delivery you’ve been waiting for. Instead, that notification you received could actually be a phishing attack. These attacks are often successful during this season because people are expecting more deliveries and shipments than normal. So, to stay alert and protect yourself, follow these rules:
- Look closely at delivery and shipment notifications to make sure they’re legitimate.
- If you do shop online, go directly to the store websites to track your orders and shipments rather than click links in emails.
Fake Receipts or Financial Statements
Since more people than ever are doing their holiday shopping online, the bad guys know that you might be receiving lots of receipts in your email from various online shopping websites. You might also be receiving credit card or banking statements that list recent charges posted to your account.
- Even if you receive a receipt from a company you buy from regularly, look at it closely before clicking any links or opening any attachments. If you don’t recognize the purchase, don’t click anything.
- Remember that many phishing emails try to “shock” you into clicking without thinking. So, if you see a receipt with a very expensive purchase price on it or a “your payment is late” email from your credit card or banking institution, make sure you stop, look, and think. The email might not be legitimate.
- Always visit a company’s official website to review your supposed late payment or recent purchase by either typing the web address into your browser window or by using their mobile app.
Always remember: Never click on links or open attachments in an email that you weren’t expecting. This single rule will help you avoid many common holiday hacker tactics.