‘Tis the season to be cyber aware

Cyber criminals work all year round, so why do we see such an increase in phishing campaigns over the Christmas period? Our Governance Risk and Compliance Consultant, Aaron Woods, explores why the festive season is prime time for cyber attacks and how you can protect yourself against getting caught out.

As we approach December, many of us are getting into the festive spirit. But as we become busier than usual in the run-up to the holidays, this time of year brings a less than festive increase in successful phishing campaigns, and cyber security should remain a top priority.

In our current digital age, with most Christmas shopping done online and the logistics industry experiencing a massive increase in demand to ensure online deliveries arrive on time, cyber criminals have a golden opportunity to catch us off guard. In fact, the National Fraud Intelligence Bureau claims that over the 2019 Christmas shopping period (from November 2019 to end of January 2020) there were 17,405 reports of online shopping fraud, which equates to a loss of £13.5m – an average of £775 per incident.

So, what should you be looking out for over the next few months? And how can you prevent your organisation and workforce from falling victim to a festive cyber scam?

Phishing campaigns

Organisations need to be vigilant to phishing campaigns at all times, but as we see more targeted attacks over the festive period, individuals within your organisation are likely to be more frequently exposed due to an increase in attempts.

These attacks usually leverage human habits and behaviours. As Christmas is a key shopping time, more campaigns are built around businesses that many of us are likely to be expecting contact from. Think online retailers, delivery companies, and online booking platforms.

These emails can be very convincing and difficult to spot, but the simplest way to reduce your chances of falling victim to cyber crime is to: think before you click.

It sounds easy, but taking the time to familiarise yourself with the most common signs of a scam email, and properly reading emails before clicking on anything within them, is the best way to protect against them.

Most common signs of a phishing email

There are many warnings that can alert you to a phishing attempt, but the most common signs to look out for are:

  • Grammar and spelling errors
  • Inconsistencies in email addresses, links, and domain names
  • Threats or a sense of urgency
  • Unusual requests
  • Request for credentials, payment information, or other personal details

If you spot any of these in an email that you receive, be cautious! Before you click on anything, verify the request by visiting the sender’s website or contacting them directly (remember: never click on the links within the email to do this; instead, visit the website directly via your browser). If you’re still unsure, report it to your cyber security or IT team for inspection.
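For a security or IT team that receives reported emails, the address, link and domain checks from the list above can be partly automated. The Python below is an added example, not part of the original article: the sample message and the parcelco.test and parcelco-help.example domains are constructed, and the subdomain comparison is a naive assumption (no public-suffix list).

```python
import email.utils
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; both domains are made up for illustration.
SAMPLE = """\
From: "ParcelCo Delivery" <notify@parcelco.test>
Reply-To: support@parcelco-help.example

<a href="http://tracking.parcelco-help.example/login">www.parcelco.test/track</a>
<a href="https://www.parcelco.test/help">Help centre</a>
"""
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.cur_href, self.cur_text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        self.cur_text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href:
            self.found.append((self.cur_href, self.cur_text.strip()))
            self.cur_href = None

def host(value):  # hostname of a URL, or of bare text like 'www.shop.test/x'
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def related(a, b):  # naive: same host, or one is a subdomain of the other
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def check_email(raw):
    msg, out = email.message_from_string(raw), []
    sender = email.utils.parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply = email.utils.parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply and not related(reply, sender):
        out.append(f"Reply-To domain {reply} differs from sender domain {sender}")
    parser = Links()
    parser.feed(msg.get_payload())  # assumes a single-part HTML body
    for href, text in parser.found:
        if urlparse(href).scheme == "http":
            out.append(f"link is plain HTTP, not HTTPS: {href}")
        if LOOKS_LIKE_URL.match(text) and not related(host(text), host(href)):
            out.append(f"link text shows {host(text)} but goes to {host(href)}")
    return out
```

A clean result only means these three checks found nothing, so the message still needs the human review described above.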

However, as cyber criminals look for new ways to convince you that emails are genuine in the hope that you’ll take action, phishing campaigns are always changing and emails are becoming more sophisticated. Because of this, you must remain vigilant even when the usual tell-tale signs of a scam aren’t present. If something about an email doesn’t feel quite right, it’s probably because it isn’t and it’s best to approach with caution by flagging it to the relevant team at your organisation.

Password hygiene and multi-factor authentication (MFA)

Password hygiene is a hot topic when it comes to cyber security, and with good reason. A strong, secure password is one of your main defences against cyber criminals accessing your online accounts.

Alongside a solid password, multi-factor authentication (MFA) adds an extra layer of protection. Most modern websites and apps have the option to enable MFA, and where this is available, it is strongly recommended that you do so. Once MFA is enabled, even if a hacker does gain access to your passwords, they will find it difficult to get into your accounts without the unique, one-off code generated by MFA, which is usually sent directly to your mobile device and/or email address for you to confirm.

Unsecured websites

Checking that a website is secure and genuine is good practice when visiting any site, but it’s particularly relevant to shopping sites where you are likely to be entering payment information. Get into the habit of making this check before sharing any of your personal details.

There are two ways you can ensure that a website has a secure connection:

  • The little padlock symbol: this will be in the top left of the address bar on your browser. The padlock is present if it’s a secure connection, but no padlock or a warning could indicate a non-secure connection
  • HTTP or HTTPS URLs: every website URL starts with either HTTP or HTTPS. An HTTPS URL shows that the connection to the site is secure, while HTTP signals that it is not

Protect your organisation and workforce against cyber attacks throughout the festive season

Take our Cyber Security Assessment now to identify any weak spots in your current cyber security strategy and explore the solutions that will help to protect your organisation against breaches, at all times of the year.

Aaron Woods

Aaron is a dedicated member of the Governance, Risk, Compliance, and Environment (GRCE) team at Phoenix Software, with over five years’ experience working with the UK public and education sectors. In his role as a Governance Risk and Compliance Consultant, Aaron works with our customers to advise and support their cyber security strategies.
