It is easy to become a victim of social engineering scams and attacks over the holiday period as it is the time of year that employees begin to relax and look forward to the Christmas holidays.
Awareness is one of the essential preventative measures that you can take to protect yourself and your organisation this Christmas. Read on below for more ways to protect yourself against scams and attacks this Christmas.
USB
Due to many anti-bribery policies, companies can no longer send elaborate gifts such as hampers, boxes of wine or chocolates. Instead, many companies send their customers branded merchandise such as mugs, pens and USB pens. Unfortunately, fraudsters have found a way of turning a thoughtful gesture into a malicious attack. USBs containing key-logger software or malware are sent to companies as a gift, either in the name of a fraudulent company or by fraudsters who have stolen the credentials of a legitimate company.
These USBs are then distributed to unsuspecting individuals, who go on to use them. Criminals then use the device to gather personal data through key-logger software or to download malicious software onto the user's system. Branded merchandise sent by a customer or client is a useful gift, but it is important to be wary of whom you receive USBs from. Always ensure that you know the company that you are receiving the device from, and always verify with the customer that it was them that sent it.
Website Deals and Offers
The majority of parents have experienced the emotional stress of trying to find the year’s hottest toy for their little ones. It is usually sold out months before Christmas and is always the one that continues to be advertised even though every toy store within a six-mile radius will not have it back in stock until after Christmas. Phishermen relish the fact that parents will do anything to ensure that they get that toy. Creating a bogus website and a fake Facebook page takes very little time for the Phisherman or woman. With this website they offer unbelievable deals and offers on these in-demand toys. These websites ensnare panicked parents, who unwittingly either purchase the toy on the bogus website or enter their details for a chance of winning one for free.
MetaCompliance have already spotted numerous fraudulent websites offering this year’s top toy “The Hatchimals”. This digital toy is being offered in competitions asking only for a “few” details or can be purchased at a discount rate on many sites. Unfortunately if it sounds too good to be true it usually is! Fraudsters do not suddenly develop a conscience at Christmas time and therefore are unlikely to care if you do not receive that “must have” toy. It is best to keep to well known toy store websites and if in doubt try to enquire directly at the brand’s physical store.
Ecards
Ecards are an attractive option for many of us as they are quick and easy to send to friends and family. Ecards are usually harmless and are often seen as a fun and popular part of the holiday season. Unfortunately cybercriminals are now using ecards to spread malware to your systems and devices. Ecards are sent to the recipient and malware is usually attached as a downloadable file or embedded within the content itself.
Ecards should be treated with the same caution as all other emails. Always check the sender, never reply all, and never click the link or download any attachment other than .txt from a sender you do not know.
SMSishing
Christmas is the perfect time for rest and relaxation. The closing of shops, businesses and services is a welcome rest for many business owners and their employees. For the Phishermen and women it is the perfect opportunity to create a banking scam. SMS texts are sent to individuals over the festive period alerting them that there is a problem with their accounts. Victims are then asked to follow a link or phone a number to sort out the problem. Because retail branches are closed over the Christmas period, individuals are more likely to phone the number or follow the link provided. Banking customers who do so are usually taken through a series of questions used to extract personal information that will give the cybercriminal access to their bank accounts or cards.
It can be terrifying to think that your accounts have been compromised, especially if it is impossible to speak to a representative face to face. It is paramount that you remain calm and think logically whenever you receive these SMS texts. Always read the text carefully to check for obvious signs that it is fraudulent. Never call the number provided in the text and always call the number on the back of your debit or credit card.
MetaCompliance are developing a range of social engineering eLearning courses that will be released in early 2017. Interested in protecting your organisation and employees from social engineering scams? Then get in touch with us today.