Are You Secure From Christmas Phishing & New Years Fraud?
There is no annual holiday for cybercrime, in fact, this is the time of year that it truly escalates. Scouring the web for the best deals, gifts and rewards could be opening your doors to cyber crooks that put huge amounts of effort to profit from the holiday shopping frenzy. Even the most trusted retailers are experiencing problems, Macy’s breach.
This annual holiday fraud cycle has firmly established itself in recent years, widely supported by cybersecurity researchers. Phishing criminals follow the money and now we have Black Friday and Cyber Monday behind us they aren't easing up. Last-minute shoppers are pouring many thousands of dollars into online shopping channels.
Cybercrime is at its peak during the key holiday shopping period, but the hustle and bustle of transactions continue well after Christmas. Post-Christmas sales and offers provide cybercriminals with opportunities to capture payment data and attempt fraudulent transactions. They are looking for a profit through a number of different attack methods.
What is phishing? The word ‘phishing’ pretty much has a similar meaning to ‘fishing’ i.e. a bait to lure victims. It could be an email, telephone call, or a text, which supposedly comes from a trustworthy source. Cybercriminals use banks, payment processors or retailers, at times even by hacking a colleague or friend. The emails or messages are often credible enough to deceive the recipient into clicking on a link which could then release malware in the form of viruses, worms, Trojans or bots onto the recipient’s computer or lead to a fake website.
The use of e-commerce phishing URLs for 2019 has more than doubled since its peak in 2018. The holiday lures are extraordinarily high, with cyber attackers trying everything from order confirmation scams in email and SMS to enticing promotional offers.
How To Protect Against Phishing.
Never Follow Links
There is no guaranteed way to detect phishing but remember, if there is even the slightest suspicion that the email may not be quite right, do not click on any links within.
Always check the website address directly in your browser, DO NOT click the link in the email.
Check the Sender
If the part after the @ in an email address doesn’t match the supposed sender, it's FAKE!
Let's say you receive a ‘PayPal’ email from firstname.lastname@example.org or the URL is misspelled as www.paypa1.com or similar, it's FAKE!
Some of the most respected and popular companies in the world have website impersonators including Facebook, Google, DropBox, and PayPal.
Phishing emails almost always contain the same kind of content and requests. Sometimes, they ask you to update your user account or password.
Sometimes they use psychology to get you to react, like notification of a lottery win, or a once-in-a-lifetime business opportunity, or an appeal for a donation to a charity (very popular at Christmas).
Banks Will Never
Ask for your passwords or PINs to be sent by e-mail or text.
Ask to authorise the transfer of funds to a new account.
OR ask you to meet a bank representative at your home to collect cash, bank cards or anything else.
Beware Of Attachments
If unknown file extensions or a PDF file appear as an e-mail attachment is an indication that something is wrong, especially if you haven’t had any previous dealings with the sender.