Phishing scams happen year-round, but we know that the bad guys like to take advantage of special events. At tax time, we’ll see an influx of IRS-related phishing email. During March Madness, there will be malware-laden highlight videos. And I can’t even begin to imagine the deluge when Will and Kate have their baby next year (you’re hearing it here first — warn your employees about looking at any baby pictures or videos online, unless it is posted on a trusted source).
So now that we are in the midst of the December holiday season, we are seeing the revival of some popular phishing scams — UPS and FedEx deliveries and PayPal, for instance. For instance, Avira has warned that a FedEx phishing email contains a ZIP file attachment of an executable that is not currently being caught by most AV software. CSO pointed out that these scams aren’t U.S.-centric, that no matter where you live, you need to be on the alert.
The holiday season carries several unique vantage points for a cyber thief. One, this is the time of the year when delivery services are busiest. Not only do many of us rely on FedEx or UPS or another service to deliver overnight packages, but companies are also receiving unexpected gifts packages from clients (and perhaps sending them out as well). Similarly with PayPal, I recently interviewed a couple of people who said they primarily use their PayPal account for holiday purchases.
Second, this is the time of the year when most of us have a lot on our minds, what with holiday parties and Nutcracker recitals, gift buying and gift sending, and making travel plans. Also, because many companies shut down between Christmas and New Year’s, these last weeks leading up to the end of the year are busy and stressful. The bad guys know that, and they take advantage of it by spoofing services you are using more than usual and expecting you to be too harried to look twice.
Perhaps one of the best gifts you can give your company this year is to look closely at every email and verify it as authentic before clicking on any attachments.