Preparing Your Staff for Phishing Season
Posted by Chris Zachar—Senior Consultant • 10/26/2016
It’s the most wonderful time of the year – for social engineers to take advantage of users with holiday-based phishing lures. Many people experience holiday stress during November and December. That tempting link to a wonderful sale or hard to find item can result in a quick click before an assessment of the email is made. Educate your users about the dangers of holiday phishing to help them stay secure during the season. Popular scams include:
- Unsolicited online shopping advertisements from bogus retailers
- Holiday screensavers that may contain malware
- Notifications for unexpected shipments
- Electronic gift or greeting cards from unknown sources
- Requests from counterfeit charities
In addition, does it make sense that the user would receive the email at work?
The best way to stay secure is to remain alert. Remind your users that following the same guidelines as recommended throughout the year is a good start:
- Don’t click on links in unsolicited email messages.
- Check the sender’s address to verify who sent the email and hover over links to determine where they will really send you. But be careful of spoofing – the use of an address close to a real organization’s address.
- Visit retailer’s websites by searching for their name or putting their URL in the browser to verify sales.
- Use strong passwords, and a different password for each account. Use of a password manager is very helpful.
- Before donating, check the Federal Trade Commission’s Charity Checklist.
And finally, the old saying, “If it seems too good to be true, it probably is” always works well when assessing emails – or any other unsolicited contacts – for scams.
PhishLine offers seasonal phishing “lures” to help your staff learn how social engineers take advantage of holidays and events. Training content from PhishLine and our trusted partners includes customizable landing pages that teach the user what they should have identified as a risk in the lure, as well as video training on a variety of subjects. Contact us for more information on how we can help strengthen your “human firewall” throughout the year.