Bah Humbug! Holiday Phishing Attacks on the Rise

Phishing is not only widespread—it’s on the rise, and the holidays are traditionally a very lucrative time for phishers. In the recent Anti-Phishing Working Group (APWG) Phishing Activity Trends Report, the statistics are enough to scare Ebenezer Scrooge:

  • The number of unique phishing sites submitted to APWG during the second quarter (Q2) of 2016 was 466,065. This was a 62 percent increase from the 289,371 sites detected in the first quarter (Q1) of 2016.
  • 315,524 unique phishing email campaigns were reported in Q2 of 2016.

These numbers show the increased activity of phishers in Q2, and highlight the increasing number of lures being sent out. In fact, in years past, more than 300 different brand names have been counterfeited in an effort to dupe victims into opening the destructive emails and attachments.

Holiday Phishing Attack Examples

With all the headlines and news stories about social engineering attacks, and phishing attacks in particular, most people have heard of phishing. However, despite the widespread awareness that phishing attacks exist, people continue to fall victim. A recent Forbes article warns that “An estimated 23 percent of workers fell for phishing mails in a recent test, and 11 percent of the people that opened the mail also opened the malicious attachments.”

Employees can help prevent phishing attacks; however, they need to understand the warning signs and what to watch for. Here is a short list of the most prevalent holiday phishing attacks that can easily be shared to raise awareness:

  1. Phony invoices and receipts that appear to be from legitimate retailers.
  2. Fake shipping status emails that could potentially contain malware.
  3. Email solicitations and offers from unfamiliar online retailers.
  4. Links that are misleading or redirect you to a "cloned" or "cloaked" website.
  5. Illegitimate surveys that promise money or gift cards in exchange for personal information.

As always, be sure to keep an eye on your bank accounts to quickly identify any unauthorized transactions. If you don't recognize a charge, your financial institution can help you determine if the transaction is legitimate. One simple phone call can go a long way in derailing a phishing attempt. In general, ask your staff to maintain a heightened awareness this holiday season. If something feels "phishy", it's always worth looking into.

Preventing Phishing Attacks Year Round

Your company does not have to be helpless against a holiday (or any time of year) phishing attack. With an experienced and knowledgeable training partner who can lead you in exercises such as phishing simulation training, you and your staff can learn how to spot and defend against phishing scams.

At Security Pursuit, we offer live training, e-learning courses, and social engineering assessments to help protect against attacks. We believe “social engineering prevention begins with training staff to identify the telltale signs of a social engineering attack. Security awareness training should be a core component of your overall information security strategy. We help create security awareness programs that increase employees’ vigilance toward identifying social engineering threats with a focus on understanding considerations unique to your organization's industry sector and culture.”

With increased awareness and an investment in continued education for your staff, your employees can become vigilant protectors against phishing attacks, ensuring your data stays safe and everyone has a peaceful holiday.