How Your Organization Can Be More Vigilant Towards Phishing Attacks During the Holiday Season
Phishing remains the most likely threat vector for cybercrime incidents organizations face today. According to Trend Micro, phishing attacks rose 58% in 2023 compared to the previous year. During the holiday season, businesses are especially vulnerable to phishing, as threat actors step up their activity, weaponizing legitimate services and attempting to capitalize on individuals' vulnerabilities.
There are many staff distractions this time of year, and reminding employees to maintain a heightened awareness of these activities is essential. Business Email Compromise (BEC) schemes are highly active. They can target members of your finance department looking to clear "year-end" invoice payments, or involve someone impersonating an authority figure and asking a junior employee to wire money or purchase gift cards for an "urgent situation." These examples and others can be avoided by increasing awareness and being vigilant in the following areas:
Be aware of phishing vulnerabilities that may be heightened due to longer hours, heightened employee stress, staff shortages and company downtime. Additionally, fewer of the IT professionals who can usually be counted upon to handle anything suspicious may be available within your organization, resulting in longer response times and potentially damaging consequences.
Ensure you authenticate any directive from a senior company member before transacting an "urgent" request. All companies have protocols and procedures for these requests, and it is exceedingly unlikely you have been chosen to perform any purchase on an emergency basis.
Beware of clicking on links to funny seasonal cards or videos, even ones a fellow employee legitimately sends. Hover over the link to see if the address is legitimate, and avoid downloading viruses that may result in unauthorized access to privileged information.
Watch out for year-end awards that threat actors send out, directing you to click on the link for further details on how to claim the prize or details about the awards ceremony. Forget the hype, and make sure that if you're the actual recipient of an industry award, the issuing organization is legitimate.
Refrain from responding to texts or emails that draw your attention to year-end inventory clear-outs or similar sales. Purchases like these invariably go through your purchasing department, so such messages should be avoided at all costs.
Fake AI solutions are rampant during the holiday season. Scammers offer "free trials" of a platform that may complete your year-end inventory counting within hours instead of weeks. Before clicking on a link to a free trial, make sure the company is legitimate. Go through their website for a demo introduction to the product, or better yet, check with your local Chamber of Commerce or Better Business Bureau to ensure they are an established organization.
Consider reviewing multi-factor authentication (MFA) alongside your passwords and reminding staff of these protection policies and protocols.
Update your cybersecurity training and awareness programs for your staff, particularly regarding phishing attacks, the leading cause of cybercrime events according to the most recent FBI Internet Crime Complaint Center 2023 report.
All suspicious emails should be reported to your security department or designate within the organization. Flagging anything unusual allows for organization-wide alerts and can save your company from a cybercrime event that may have been entirely avoidable through more diligent protocols.
Another layer of protection you should consider is our PhishFlagger™ remedy. The user-friendly protocol launched in August 2024 can help your organization numerically label all communications between safe senders and remove questionable threat actors. For more information, please visit us at www.phishflagger.com or contact me directly (mikeboland@phishflagger.com).
Be vigilant and have a safe and happy holiday season.
Mike Boland
President, PhishFlagger