The holiday season is often described as the “most wonderful time of the year”, especially for businesses as they gear up for a busy shopping period. That said, Christmas is not just a wonderful time for consumers and businesses, it’s also an incredibly profitable time for cybercriminals as they conduct phishing attacks and send out fake emails hoping to catch shoppers off guard.
Indeed, phishing attacks increase drastically during the festive season. According to a research study by email service provider GMX, in the run up to Christmas last year, one in five British internet users fell victim to a phishing campaign.
So, what can you do to keep your business and employees safe and secure online this Christmas? Check out our top Christmas cybersecurity tips ahead of the most wonderful time of the year.
- Keep a look out for phishing scams
Cybercriminals know that in the run-up to Christmas business employees will have dozens of packages arriving at their offices and can often lose track of what they’ve ordered.
To capitalise on this, they set up fake email addresses and send out emails that purport to come from legitimate courier companies, marketplaces (Amazon email scams are one of the most common), or online payment services.
These emails replicate the branding and style of legitimate brands/businesses, so recipients don’t look too closely at the content. Within these emails is a link which takes the recipient to a replica brand/business website and asks them for their details. These business employees then input their information with no idea of just what they are signing themselves up to or giving away.
Using this method, cybercriminals can easily obtain information and money from consumers and corporate employees who believe that they are engaging with a legitimate business or brand.
Our Christmas cybersecurity advice? Carefully check the email – this includes looking at the email address, subject line and content of the email. As these emails are typically sent en masse, they often miss out small – but crucial – details that allow keen readers to identify that they are fraudulent.
Cybercriminals are banking on these emails not being read too closely. Don’t do them that favour!
- Avoid fake websites
During the festive period, many employees will use company systems or connect their personal phone to the office WiFi network to do their Christmas shopping during their lunch hour.
But a common ploy used by cybercriminals to scam business employees shopping online is to set up fake websites selling bogus gifts. These websites appear to be authentic, as cybercriminals are able to make convincing replicas, having cloned content from other legitimate businesses. Popular products are often advertised on these websites at a massive discount – incredibly tempting for the average shopper.
The reality is that these products are almost always counterfeits, or do not exist at all, and the details shoppers disclose on these websites are then used for identity fraud or financial theft.
Spotting a fake website is increasingly difficult – but for employees doing Christmas shopping at lunch or on the office network, using and submitting information on a fake website could put the whole business at risk.
To check if a website is secure, do the following:
- Double-check the domain name
A lot of fraudulent websites will use a domain name that references a popular brand or product name but won’t be the official website. For example: www.cheapraybans.co.uk.
- Make sure the offer isn’t too good to be true
Capitalising on the festive shopping rush, cybercriminals will often advertise popular products on their websites at major discounts to lure bargain-hungry shoppers and get them to part with hard-earned cash.
- Check payment options
If a website handles payment through online bank transfer, leave immediately. It can take a long time to recover funds after transferring them to another bank. Use protected payment systems only, such as credit cards or PayPal.
- Browse the website and check for inconsistencies (poor grammar, phrases that don’t sound right)
While many fake websites today are convincing in both design and content, there will often be inconsistencies that can be picked up just by browsing through the website. Take the time to look through it and read the pages.
- Read some online reviews
One of the best ways to determine if a website is indeed legitimate is to check review platforms and see what others are saying about the website.
- Don’t be too trusting of green padlocks on website URLs
A green padlock simply means that traffic to the website is encrypted, so it can’t be intercepted en route. If the website itself is malicious, it will still receive any information being submitted (this includes credit card details and/or passwords). A fake website can get a green padlock too, simply by purchasing one from a certificate provider (Certificate Authority or CA).
Instead of just looking for a green padlock, users should check the website’s URL, being careful to look for misspellings and foreign characters in the place of similar English characters; then cross reference it with review platforms to determine if it is indeed legitimate and safe to use.
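The domain-name and URL checks described above can be partly automated, for example in a mail filter or web proxy. The sketch below is an added example, not part of the original article: it flags host names that contain foreign (non-ASCII) characters, that mention a brand without being the brand's own domain, or that are one character away from a brand name. The `OFFICIAL` allow-list, the function names and the sample URLs are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumed allow-list for illustration: brand keyword -> its official domain.
OFFICIAL = {"amazon": "amazon.co.uk", "paypal": "paypal.com", "rayban": "ray-ban.com"}

def edit_distance(a, b):
    """Levenshtein distance, to catch one-character misspellings of a brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def decode_label(label):
    """Turn a punycode label (xn--...) back into the characters it encodes."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except ValueError:
            pass  # malformed punycode: inspect the raw label instead
    return label

def check_url(url):
    """Return the reasons (possibly none) this URL's host needs a closer look."""
    host = (urlsplit(url).hostname or "").lower()
    labels = [decode_label(label) for label in host.split(".")]
    reasons = [f"non-ASCII character: {unicodedata.name(ch, 'UNNAMED')}"
               for ch in sorted({c for label in labels for c in label if ord(c) > 127})]
    for brand, official in OFFICIAL.items():
        if host == official or host.endswith("." + official):
            continue  # the genuine domain or one of its subdomains
        for label in labels:
            squashed = label.replace("-", "")
            if brand in squashed:
                reasons.append(f"mentions '{brand}' but is not {official}")
            elif edit_distance(squashed, brand) == 1:
                reasons.append(f"'{label}' is one character away from '{brand}'")
    return reasons

if __name__ == "__main__":
    # Constructed samples; the last host is "amazon" with a Cyrillic first letter.
    lookalike = "xn--" + "\u0430mazon".encode("punycode").decode("ascii")
    for url in ("https://www.amazon.co.uk/", "http://www.cheapraybans.co.uk/",
                "https://www.paypa1.com/login", f"https://{lookalike}.co.uk/"):
        print(url, check_url(url) or "no flags")
```

An empty result only means none of these three checks fired; the review and payment checks in the list still apply.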
- Update security and software
Updating your operating system and other software is often seen as an inconvenience by employees, but as things slow down, the Christmas lull can offer some valuable downtime for businesses to make widespread software and infrastructure updates.
Before closing shop for the Christmas period, businesses should ensure that employees download and install the latest updates to ensure systems are secure for when business resumes as normal.
This includes cybersecurity solutions, operating systems, business applications (86% of security flaws are in 3rd party applications), firewalls and any other business software. A business’ cybersecurity is only as strong as its weakest link. If employee devices do not have the latest cybersecurity solutions and patches installed, cybercriminals will easily be able to access the business’ internal network. Protecting endpoints is the most important thing in today’s cybersecurity world!
A lot of the software update process can be automated through sophisticated solutions. Panda Patch Management, for example, can manage vulnerabilities in third-party applications and their corresponding updates and patches. The solution helps to strengthen threat prevention, containment and remediation capabilities, reducing the attack surface on Windows servers and workstations.
Keep your business safe this holiday season by following the Christmas cybersecurity tips outlined above. Cybercriminals use increasingly sophisticated (and convincing) methods, but by staying vigilant, carefully assessing what you see online and updating your business’ software and security, you can keep your employees and your business safe.
I’m pretty sure that a lot of the people that I work with don’t follow a good amount of the things that you have listed here. For myself, I always try to be on the lookout for phishing scams as we happen to get a lot of those. It might be a good idea to have someone come and talk to all of us about being safe online with specific information as I think it would be most beneficial to us.