Beware Phishing Attacks During the Holidays
The Canadian Centre for Cyber Security (CCCS) has released guidelines on how to avoid phishing attacks as we head into the holiday season.
With increased online shopping comes increased online traffic, which can lead to more opportunities for hackers. One of the most common ways threat actors target people is with phishing attacks, which can appear as texts and phone calls, but mainly come as emails. The goal is to try and trick you into clicking on a link or attachment connected to credential harvesting sites.
They also do not discriminate. Whether you are an individual buying gifts for the holidays, or a company employee at any level, phishing emails will come to your inbox and it's important you know how to spot them.
The CCCS says attacks appear in two main ways:
- Spearphishing: In these attacks, threat actors will send a targeted email to an individual or company with the goal of getting the person to click on a link or attachment.
- Whaling: These are very similar to spearphishing emails but target C-level executives
While it might seem like these emails are easy to spot, the CCCS says threat actors have become quite good at disguising them. They will employ tactics such as using business-centric keywords in the subject line or body of the email (something we have written about in the past), include company logos and trademark information, or even use the name of someone you know.
Many phishing attacks lead to ransomware, and a lot of other very costly issues.
Being aware of these emails and receiving proper training on how to spot them are key components in combating them. When you receive an email, it's always a good idea to examine the email of the person who sent it to you, even if they have the name of someone or an organization you know of. In addition to that, you can ask yourself the following questions:
- Is this communication something I receive often? Or does it seem out of the ordinary? Also pay attention to the person who sent it to you. Do they often send you emails like this?
- Are there spelling or grammar mistakes in the subject line or body of the email?
- Does the tone of the email seem either threatening or too good to be true?
- Does anything about this seem off at all?
If an email sets off alarms in your head, it's never a bad idea to listen to them. You can always ignore or report it, or if you are part of a company and receive it to your work email, you can report it to your IT staff to have them examine it.
We have also blogged in the past about the importance of backing up your data and testing to make sure that it works. Having a good backup strategy can go a long way in the fight against ransomware.
Prophet Business Group: A Stoneridge Company can help you protect your network, backup your data, and spare you the costs associated with ransomware.
Please call 204-982-9890 or email email@example.com for more information.