With Christmas and the new year just around the corner, you are likely looking forward to taking time off, having a relaxing break, and reinvigorating your mojo ready for 2021. In a year that has been dominated by Coronavirus, working from home, and mixed messages from the government, it is certainly needed. However, there is one important message you need to take home with you: remain vigilant, stay alert and keep yourself safe, because while the Christmas period represents a break for many, it represents a period of opportunity for criminals.
Whether you are out shopping on the high street or looking for online bargains, Christmas and New Year is prime time for malicious threats and social engineering. The people behind these scams will not be taking time off. Quite the opposite: they’ll tailor their attacks and focus them around popular interests such as Christmas shopping and New Year bargains.
The way these attacks work is usually simple: you receive an offer for something like Christmas vouchers or a post-Christmas sale, with the promise of saving you money. You might be asked to sign up for a ‘newsletter’ using an email and a password, or more generally be given a prompt that requires quick action and ‘just a few details’. For the most part, it all sounds okay, but these attacks are a statistics game and play on averages. If you are like 65% of the rest of the world’s population, you use the same password for multiple accounts, including business accounts.
Online shopping has seen a meteoric rise since lockdowns began in March, and with Christmas and New Year following a similar path, these scams are only going to increase in both number and complexity. Just last year there were over 293 billion emails sent every day, and over 3 billion of those were malicious threats trying to trick you and me into doing something that, if we knew the consequences, we never would!
Statistics from Black Friday provide further insight and it is predicted the most common scams for Christmas and New Year will focus on postal services. The purpose of these is to compromise accounts by imitating postal and delivery services and claiming that a package is on hold and you need to confirm some details in order to get it back. Of course, this isn’t true, and if you haven’t ordered anything or if you are unsure of the legitimacy of the email, do not click to follow any link it may contain. Other types include getting a delivery slip through your door, appearing as if it’s from a legitimate delivery company but with subtle changes such as a premium rate number that costs a small fortune to call. In all cases, these scams work on economies of scale and just a few people falling for them makes the whole process worthwhile for the criminals.
As for the 65% of people who re-use passwords across multiple accounts… 80% of data breaches in 2019 were caused by passwords being compromised, 42% of those because the password was considered weak and was found in compromised password troves available freely on the internet. Imagine your most sensitive documents being leaked because you used a password that had been compromised elsewhere. Imagine the same scenario happening at work: the damage can be devastating and can lead businesses to collapse.
On a brighter note, there are many things you can do to minimize your chances of falling victim to an attack and to limit the damage that can be done if an attack is successful:
Use unique passwords – Make sure every password you use is different. I know this can sound unmanageable, especially to those of you who have many different accounts, and a lot of the responses I get are ‘how can I keep track of all the passwords I use?’ The answer is Password Management Software. The general concept is that you set one very strong password for your vault, and all of your other passwords are then encrypted and stored in it. Only you have access to the vault, and it is there when you need it.
Use multiple authentication methods – The majority of online accounts support multi-factor authentication (MFA), and wherever it is available you should use it. MFA is a simple way to use a secondary form of identification after your password to prove you are who you say you are. MFA isn’t infallible, so you shouldn’t consider your account secure just because you have MFA enabled, but having MFA makes compromising your accounts much more difficult and can even act as an early warning system if you receive MFA notifications when you haven’t tried to use the account in question.
Know the signs – We can all learn the tell-tale signs of phishing emails, like checking the sender’s email address. It is common for the sending address to be a string of characters with a spoofed name to make it seem legitimate. Another sign is the links. Obviously, never click on them, but if you hover over a link in the email it will reveal the exact address of the link. Usually, if it is a malicious link, the address will not match the sender’s name or the subject of the email. For example, if the email was from ‘Royal Mail’ and the links in the email were ‘http://gfjsjiffjvjsrfg.org’, you know that it’s not going to take you to the Royal Mail website.
Over 90% of successful attacks rely on some form of human interaction. After all, you don’t know what you don’t know. Education is a critical part of mitigating the risk associated with the threats we face and should be considered essential both at work and at home. Threats don’t take a break, and it is important you don’t either. If you would like to learn more about how #CyberWise can help keep your team and your business safe from the impact of business crime, contact us here or call a member of the team on 0161 476 8273.
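The sender and link checks described above, automated as an added example that is not part of the original article: a Python sketch that flags a sender address and any link whose host does not belong to the brand named in the From display name. The `KNOWN_BRANDS` allow-list, the helper names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: allow-list mapping a brand's display name to its real domain.
KNOWN_BRANDS = {"royal mail": "royalmail.com"}

# Constructed sample message (sender address is made up for this example).
SAMPLE = """From: Royal Mail <x7f3k9q@mail-notify.example>
Subject: Your parcel is on hold
Content-Type: text/html; charset=utf-8

<p>Your package is on hold.
<a href="http://gfjsjiffjvjsrfg.org">Confirm your details</a></p>
<p><a href="https://www.royalmail.com/track-your-item">Track your item</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects the real target (href) of every link, i.e. what hovering shows."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw):
    """Return (kind, value) pairs that do not match the brand in the From name."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    expected = KNOWN_BRANDS.get(name.strip().lower())
    if expected is None:
        return []  # unknown brand: nothing to compare against
    findings = []
    if not host_matches(addr.rpartition("@")[2], expected):
        findings.append(("sender", addr))
    collector = LinkCollector()
    collector.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    for href in collector.hrefs:
        if not host_matches(urlsplit(href).hostname, expected):
            findings.append(("link", href))
    return findings
```

Calling `phishing_signs(SAMPLE)` reports both the random-looking sender address and the `gfjsjiffjvjsrfg.org` link, while the genuine tracking link passes. The suffix comparison in `host_matches` is what stops a look-alike host such as `royalmail.com.evil.example` from being accepted.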
Everyone here at team #CyberWise wishes you a happy Christmas and New Year and we look forward to seeing you in 2021.