The National Retail Federation estimates retail sales in the U.S. for November and December of 2014 will be $616.9 billion with 8 to 11 percent growth for online sales when compared to 2013. The large concentration of retail commerce in the last few weeks of the year (19 percent) helps the overall economy, but also offers spammers and cybercriminals an opportunity to steal a piece of the pie.
The holiday season is when consumers try to juggle too many activities, such as shopping for gifts, arranging parties, booking travel and making donations online. At work, the same people are trying to wrap up projects, tax planning and bookkeeping, all before the holidays. As much as we want to believe that the holiday season is a time to sit back and relax, it also happens to be when we try to do too much and get distracted.
Some of the precautions employees and consumers can take to protect their personal and corporate assets include separating work and personal email addresses and user identities when transacting commerce online. Many of us use the same email address for work and for personal reasons, which leads to confusion and error. In addition, ensure you use unique and hard-to-guess passwords, including numbers, characters and casing, for each of the websites you authenticate and transact with.
Fifty-two percent of online smartphone shoppers used their phones throughout the shopping process during the 2013 holidays (Google and Ipsos MediaCT, 2014). Also, more than 1 billion users use mobile devices to access their email. Accessing your email on a smartphone and reaching a shopping site by clicking on a URL sounds appealing, but it has to be done with the utmost caution. Mobile interfaces, unlike your standard computer interface, do not have functionality like URL mouse-over to check whether the URL is leading to a phishing site. Refrain from clicking on any URL or attachment in an email on your mobile device and, for that matter, use caution on any device. If you do choose to shop using your mobile device, use your device browser and manually type the URL of the site you want to go to, or use the retailer-specific app to do so.
Weber County’s Information Security officer, Matt Mortensen, recommends Dell SonicWALL Email Security for the in-depth research and development, the low latency and comprehensive feature set and integration. Watch the video to learn more.
Here are some recent trends and spam the Dell SonicWALL Threat Research Team is noticing this season:
- Personal letters from Santa to your loved one, the most common category we have seen so far. This category is mostly phishing email trying to gather your personal information.
- Holiday deals from unknown sources leading to customer survey sites, which claim to know about your shopping history and entice you to take a survey to divulge your personal information.
- Year-end tasks such as annual enrollment, renewal of insurance and holiday schedule announcements, which do not come from your company's or benefits provider's domain.
- Gift cards are one of the fastest growing categories this year and we see similar growth in gift card related spam and phishing emails.
- Call-to-action emails where the content of the email pushes you to take urgent action under the threat that you will either face a financial loss or jeopardize the delivery of your supposed order.
The above examples are only a small sample of what you might experience over the next few weeks. Many of the precautions you have to take have not changed over the years, and the refresher below identifies some of the things you can do to prevent attackers from achieving their objective.
- Don’t click on URLs in an email, especially on mobile devices, without checking their full path and understanding where they are leading you. Avoid this in particular when connected to public Wi-Fi. Staysafeonline.org has issued an infographic on mobile security that elaborates on this topic.
- Beware of downloading any plug-ins from the email link itself. Go to the vendor’s (Adobe, Microsoft, etc.) website to download them.
- Be wary of online vendors offering enticing offers, especially if you have never done business with them before.
- Raise a red flag when you get a credit card denied message: pick up the phone, call and verify.
- Be wary of last-minute upgrade notices from your IT administrator. Upgrades are usually done with advance notice and communication.
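For readers who triage reported messages, the "check the full path" advice above can be automated as a stand-in for the mouse-over check that mobile clients lack. The sketch below is an added example, not Dell SonicWALL code; the sample message, the trusted-domain list and the shortener list are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample body; every domain below is a placeholder, not a real indicator.
SAMPLE_HTML = """<p>Your gift card is waiting.</p>
<a href="http://giftcards.example.net/claim?id=1">www.example-retailer.com/giftcards</a>
<a href="https://www.example-retailer.com/orders">View your order</a>
<a href="http://short.example/x9">Track package</a>"""
TRUSTED = {"example-retailer.com"}   # assumed: domains the recipient expects
SHORTENERS = {"short.example"}       # assumed: link-shortening services
DOMAIN_LIKE = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname; bare 'www.site.com/path' text is accepted too."""
    return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()

def in_domain(host, domain):
    # Exact match or true subdomain; "trusted.com.evil.example" does not pass.
    return host == domain or host.endswith("." + domain)

def review_links(html):
    """Return [(real_host, visible_text, findings)] for each link in the body."""
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        host, findings = host_of(href), []
        if any(in_domain(host, s) for s in SHORTENERS):
            findings.append("shortened link hides destination")
        elif not any(in_domain(host, d) for d in TRUSTED):
            findings.append("destination is not an expected domain")
        shown = DOMAIN_LIKE.match(text)
        if shown and host_of(shown.group(0)) != host:
            findings.append("visible text names a different host")
        report.append((host, text, findings))
    return report
```

Calling `review_links(SAMPLE_HTML)` flags the first and third links and passes the second, which is the same judgment a desktop user makes by hovering over each link.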
If you are a business owner, you have a responsibility for how you communicate with your customers.
- Provide non-email ways for your customers to verify
- Use standard company domain names and avoid short cuts
- Set and follow standard communication practices and be consistent
Don’t let the attackers spoil the holiday spirit. It is important to educate ourselves on the perils of these attacks. Email is only one of the vectors which attackers will attempt to exploit; there are other precautions consumers must undertake.
To test your knowledge, challenge yourself and your employees to take this quick 10-question Dell Phishing online quiz and avoid the holiday blues.