‘Tis the season to be cyber aware

Cyber criminals work all year round, so why do we see such an increase in phishing campaigns over the Christmas period? Our Governance Risk and Compliance Consultant, Louis Coates, explores why the festive season is prime time for cyber attacks and how to protect yourself from getting caught out.

As we quickly approach Christmas, many of us are getting into the festive spirit. But as we become busier than usual working towards the holidays, this time of year sees a less than festive increase in successful phishing campaigns, and cyber security should remain a top priority.

So, what should you be looking out for over the next few months? And how can you prevent your organisation and workforce from falling victim to a festive cyber scam? 

Phishing campaigns 

According to the 2022 Cyber Security Breaches Survey, of the 39% of UK businesses that identified an attack, the most common threat vector was phishing attempts (83%). Organisations need to be vigilant to phishing campaigns at all times, but as we see more targeted attacks over the festive period, individuals within your organisation are likely to be more frequently exposed due to an increase in attempts.

These attacks usually leverage human habits and behaviours. As Christmas is a key shopping time, more campaigns are built around businesses that many of us are likely to be expecting contact from: think online retailers, delivery companies, and online booking platforms.

These emails can be very convincing and difficult to spot, but the simplest way to reduce your chances of falling victim to cyber crime is to: think before you click. 

It sounds easy, but taking the time to familiarise yourself with the most common signs of a scam email, and properly reading emails before clicking on anything within them, is the best way to protect against them.

Most common signs of a phishing email 

There are many warnings that can alert you to a phishing attempt, but the most common signs to look out for are: 

  • Grammar and spelling errors 
  • Inconsistencies in email addresses, links, and domain names 
  • Threats or a sense of urgency 
  • A sense of scarcity (e.g. act now, only five places left). This encourages colleagues to act quickly 
  • Unusual requests 
  • Request for credentials, payment information, or other personal details 

If you spot any of these in an email that you receive, be cautious! Before you click on anything, verify the request by visiting the sender’s website or contacting them directly (remember never to click on the links within the email; instead, visit the website directly via your browser). If you’re still unsure, report it to your cyber security or IT team for inspection.
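For security or IT teams inspecting a reported email, several of the signs above can be checked mechanically. The sketch below is an added example, not part of the original article: it flags a Reply-To domain that differs from the sender, link text that shows one domain while pointing to another, non-HTTPS links, and urgency or credential wording. It assumes a single-part, unencoded HTML message; the phrase lists, function names and sample message are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

WORDING = [  # illustrative phrases, not a complete list
    ("urgency or scarcity wording", r"\b(act now|urgent|immediately|only \w+ \w+ left)\b"),
    ("asks for credentials or payment details", r"\b(password|card number|login details)\b"),
]
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)

class LinkCollector(HTMLParser):  # gathers [href, visible text] for every <a>
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_link = self.in_link and tag != "a"

def host(value):  # lower-cased hostname of a URL or bare domain, "" if none
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def phishing_signs(raw_email):
    msg = message_from_string(raw_email)
    body, signs = msg.get_payload(), []
    sender, reply = (parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
                     for h in ("From", "Reply-To"))
    if reply and reply != sender:
        signs.append("reply-to domain differs from sender domain")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        text = text.strip()
        if LOOKS_LIKE_URL.fullmatch(text) and host(text) != host(href):
            signs.append(f"link text shows {host(text)} but points to {host(href)}")
        if urlparse(href).scheme == "http":
            signs.append(f"link is not HTTPS: {host(href)}")
    return signs + [label for label, rx in WORDING if re.search(rx, body, re.I)]

# Constructed sample message using reserved .example/.invalid domains
SAMPLE = ("From: Parcel Updates <noreply@parcel.example>\nReply-To: help@mail-desk.example\n"
          "Content-Type: text/html\n\n<p>Act now: confirm your card number at "
          '<a href="http://track.invalid/pay">www.parcel.example</a></p>')
```

An empty result does not mean an email is genuine; as the next paragraph notes, well-crafted phishing emails can carry none of these signs.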

However, as cyber criminals look for new ways to convince you that emails are genuine in the hope that you’ll take action, phishing campaigns are always changing, and emails are becoming more sophisticated. Because of this, you must remain vigilant even when the usual tell-tale signs of a scam aren’t present. If something about an email doesn’t feel quite right, it’s probably because it isn’t and it’s best to approach with caution by flagging it to the relevant team at your organisation. 

Password hygiene and multi-factor authentication (MFA) 

Password hygiene is a hot topic when it comes to cyber security, and with good reason. A strong, secure password is one of your main defences against cyber criminals accessing your online accounts. 

Alongside a solid password, multi-factor authentication (MFA) adds an extra layer of protection. Most modern websites and apps have the option to enable MFA, and where this is available, it is strongly recommended that you do. Once MFA is enabled, even if a hacker does gain access to your passwords, they will find it difficult to get into your accounts without the unique, one-off code generated by MFA, which is usually sent directly to your mobile device and/or email address for you to confirm.

Unsecured websites 

Checking for a secure connection is good practice when visiting any site, but it’s particularly relevant to shopping sites where you are likely to be entering payment information. Before sharing any of your personal details, get into the habit of checking that the website is secure and genuine.

There are two ways you can ensure that a website has a secure connection: 

  • The little padlock symbol: this will be in the top left of the address bar on your browser. The padlock is present if it’s a secure connection, but no padlock or a warning could indicate a non-secure connection 
  • HTTP or HTTPS URLs: every website URL starts with either HTTP or HTTPS. However, an HTTPS URL shows a secure site, while HTTP signals that the website is not secure 

Protect your organisation against cyber attacks throughout the festive season 

We support organisations of all sizes to identify and manage risks in their cyber security strategy. Our team of specialists are trained across multiple disciplines, including Cyber Essentials, PCI-DSS, CIS, NCSC CAF, NIST, and ISO 27001, including the new 2022 iteration.  

Arrange your free security assessment now to see where you stand against industry best practice.  

Book a call with our specialist to find out more
Jonathan Scott

Jonny entered the world of IT at the age of 17. After working in corporate sales for three years, he moved to a more strategic role at Phoenix within the business development team managing bids and vendor relationships. After building up the skills and knowledge to understand the relevant technologies that fit different sectors, Jonny became the Vendor Alliance Manager at Phoenix. Jonny and his team manage a portfolio of over 650 vendors.
