by Stu Sjouwerman, founder and CEO of KnowBe4
This holiday season could be the most wonderful time of year for cyber criminals, according to digital identity company ThreatMetrix. In a new report, the firm reveals that it has detected a 25% jump in attacks. You should warn everyone in your organization that cyber criminals are going into overdrive this time of year:
1. Black Friday/Cyber Monday Specials.
This time of year, online scams use a variety of lures to get unsuspecting buyers to click on links or open attachments. Bad guys build complete copies of well-known sites, send emails promoting great deals, sell products and take credit card information – but never deliver the goods. Sites that seem to have incredible discounts should be a red flag. Remember that when a “special offer” is too good to be true, it usually is.
For instance, never click on links in emails or popups with very deep discount offers for watches, phones or tablets. Go to the website yourself through your browser and check if that offer is legit.
2. Free Vouchers or Gift Cards.
A popular holiday scam is big discounts on gift cards. Don’t fall for offers from retailers or social media posts that offer phony vouchers or (Starbucks) gift cards paired with special promotions or contests. Some posts or emails even appear to be shared by a friend (who may have been hacked). Develop a healthy dose of skepticism and “Think before you click” on offers for or attachments with any gift cards or vouchers!
3. Bogus Shipping Notices from UPS and FedEx.
You are going to see emails supposedly from UPS and FedEx in your inbox that claim your package has a problem and/or could not be delivered. Many of these are phishing attacks that try to make you click on a link or open an attachment. However, what happens when you do that is that your computer gets infected with a virus or even ransomware which holds all of your files hostage until you pay $500 in ransom.
4. Holiday Refund Scams.
These emails seem to come from retail chains or e-commerce companies such as Amazon or eBay claiming there’s a “wrong transaction” and prompt you to click the refund link. However, when you do that and are asked to fill out a form, the personal information you give out will be sold to cyber criminals who use it against you. Oh, and never, never, never pay online with a debit card, only use credit cards. Why? If the debit card gets compromised, the bad guys can empty your bank account quickly.
5. Phishing on the Dark Side.
A new phishing email has begun circulating that tricks people into thinking they could win movie tickets for the highly-anticipated film, “Star Wars: The Force Awakens,” due out on Dec. 18. However, the email is a phishing attack. Leading up to the film’s release, and shortly after, you need to watch out for this social engineering attack and not fall for the scam. Stay safe online!
BONUS TIP: Never use a insecure public Wi-Fi to shop with your credit card. Only shop with a secure connection at home.
Stu Sjouwerman is the founder and CEO of KnowBe4, which hosts the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. Realizing that the human element of security was being seriously neglected, Sjouwerman teamed with Kevin Mitnick, the world’s most famous hacker, to help organizations manage the problem of cybercrime social engineering tactics through new school security awareness training. Sjouwerman is the author of four books, with his latest being “Cyberheist: The biggest financial threat facing American businesses“.