The holiday season is a time of year when we get together with friends and family to enjoy each other’s company (or put up with that one annoying family member) as we go around exchanging gifts and stories. It is also a time of year when bad actors try to scam people out of their money or information.
As you sit down to enjoy the holiday festivities, be on the lookout for increased cybercriminal activity and scams. Business Email Compromise (BEC) scams, realistic-looking emails offering unbelievable shopping deals and man-in-the-middle attacks from public Wi-Fi networks are just a few common tactics threat actors have up their sleeves during this time of year.
In order to help combat these bad actors, stay vigilant for things that don’t look right. Look for email domain names that have a letter changed or emails offering deals too good to be true and avoid public wireless connections altogether.
As we look to wind down the year and take time off, bad actors are in full swing. Here are some holiday security incidents that have unfolded over the last 18 months.
Recent Cyberattacks During the Holidays:
- Colonial Pipeline: Just before Mother’s Day Weekend
- Kaseya: Fourth of July weekend
- Los Angeles United School District: Labor Day Weekend
- Baltimore County Public Schools System: Day Before Thanksgiving
- Albany International Airport: Christmas Holiday Period
- Sony and Microsoft: Christmas Eve
- Impresa: New Year’s Day
No matter how much technology we put in place, the last line of defense resides with the user clicking on links and opening email attachments. Everyone needs to understand the threats and receive training on what to look out for. Below are a few common cybercriminal tactics to keep an eye on.
Holiday Cybersecurity Tips:
- Purchases: Keep an eye out for fake coupons, unbelievable promotional deals, or even fake shipping notices.
- Notifications: Cybercriminals will repeatedly spam you with notifications this season—don’t let your guard down. Never assume notifications are safe.
- Gift Cards: Only purchase and use gift cards with the authorized retailer.
- Wi-Fi: Use verified, secure Wi-Fi connections and avoid connecting to free public Wi-Fi.
- Your Devices: Never leave your devices unattended and always secure them with strong passwords.
- Emails: If an email from a co-worker or 3rd party is not expected, check the domain and call that person to validate the legitimacy of the email. Never question the email via email as the bad actor could be watching and respond.
- Email Attachments: Be careful of unsolicited email attachments
If a user does do something and clicks an attachment or responds to a fake email, they need to bring it up immediately so any damage can be limited. No matter the season or time of year, our team is here to help keep you and your data cyber secure.