With attacks against computers estimated to have doubled in a single year, the last days of the year mark an imaginary Armageddon from the point of view of cybersecurity specialists. The greatest danger to companies is posed by employees themselves.
“The period around Christmas is characterised by an increase in phishing attacks targeting our email inboxes. Despite security training, we still encounter more than half of such attacks, where the employee willingly opens the trap,” warns David Pícha, business development manager for cyber security at Integra Czech Republic.
Phishing is a technique that attempts to deceive users with, for example, a fake email, SMS message, mobile device notification or other message that pretends to come from a trusted source such as a bank, e-shop, delivery company or other service.
“Some people are simply unteachable and the scams are becoming more sophisticated and look so trustworthy that they are almost impossible to detect. At the next stage of the attack, it’s up to the security mechanisms at the endpoint or on the company’s network,” adds David Pícha.
Fake winnings and discounts are a common threat “under the tree”
The most common lures are promised gifts and prizes, offers of attractive discounts, prompts to collect a parcel or warnings that an online service is about to expire. Electronic Christmas greetings from seemingly familiar senders also pose a risk. The threat does not have to come online: it can also be delivered by a courier as a Christmas present from a supposed business partner, perhaps in the form of a jokey-looking flash drive.
By spoofing the web, it is easy to steal card details
“Every click on the fake link can open a path to your computer or company network. Filling in login or credit card details on a cleverly mimicked bank site can end up emptying a personal account,” the cybersecurity expert reminds us. “Yet this is a well-known trick that attackers have been using for years. Before Christmas this year, we saw an attack where hackers impersonated Post Office employees,” he adds.
Check where the link in the mail goes
Attackers often put the user under time pressure so that they perform a given action immediately and without thinking. When only a small amount is involved, as in the recently circulated fake email about a package awaiting delivery, attackers increase the chances that the recipient will enter card details. We should always check the URL to which the email notification leads.
Never click on an unknown link. It is advisable to check with someone first and then share such information with colleagues who may have the same email in their inbox.
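One way to automate the link check described above, as an added example that is not part of the original article: it lists every web link in an HTML email body and flags those whose real destination differs from what the visible text shows. The sample message, its domains and the warning names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every domain and address is a placeholder.
SAMPLE_EMAIL = """
<p>Your parcel is waiting. Pay the small fee within 24 hours:</p>
<a href="http://parcel-fee.test/pay?id=1">https://www.posta.example/track</a>
<a href="https://posta.example@198.51.100.7/login">Log in</a>
<a href="https://www.posta.example/help">www.posta.example/help</a>
"""
HOST_IN_TEXT = re.compile(r"(?:https?://)?(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html_body):
    """Return (href, real_host, warnings) for each web link in the body."""
    collector = LinkCollector()
    collector.feed(html_body)
    report = []
    for href, text in collector.links:
        url = urlsplit(href)
        if url.scheme not in ("http", "https"):
            continue  # mailto:, tel: and similar are not checked here
        host = url.hostname or ""  # the host the browser will really contact
        shown = HOST_IN_TEXT.search(text)  # host the visible text claims
        checks = [
            ("no-https", url.scheme != "https"),
            ("userinfo", "@" in url.netloc),  # part before '@' is not the host
            ("ip-host", re.fullmatch(r"[0-9.]+", host) is not None),
            ("text-mismatch", bool(shown)
             and shown.group(1).lower() != re.sub(r"^www\.", "", host)),
        ]
        report.append((href, host, [name for name, hit in checks if hit]))
    return report
```

Calling `check_links(SAMPLE_EMAIL)` returns one entry per link; an empty warning list means only that none of these four heuristics fired, not that the link is safe.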