Cybersecurity Threats during the Holidays

October marks the beginning of the holiday shopping season as holidaymakers prepare for year-end festivities. This jolly season unfortunately brings with it a far less pleasant time of year – phishing season. Distracted organizations, charitable givers, and busy shoppers make prime targets for cyber attackers looking to weasel their way into your wallet. Phishing incidents jump over 50% from the annual average between October and January. Bah! Humbug!

Here’s an early gift that will hopefully make your holiday season a bit less phishy. Be on the lookout. Winter is coming.

Phishing Trends

• SAAS AND WEBMAIL PRETEXTING.
  • Phishing emails that purport to be from popular software-as-a-service (SaaS) and webmail services, such as Microsoft 365, G Suite, and DocuSign.
  • To steal your credentials by presenting you with fake login pages, prime for credential harvesting.
  • A report by APWG found that SaaS and webmail services’ pretexting jumped by more than 15% between Q3 2018 and Q1 2019.
• HTTPS PHISHING.
  • Malicious websites using SSL certificates.
  • To trick you into trusting malicious links, based on the misconception that a URL appended with “HTTPS” is safe.
  • A report by APWG found that between Q1 2018 and Q1 2019, the number of phishing websites using SSL certificates increased by more than 20%.
• BUSINESS EMAIL COMPROMISE (BEC).
  • Phishing emails with no links or attachments that appear to be from someone within your organization, like your boss or a co-worker.
  • To convince you that the sender is someone you know and trust, to solicit compliance with requests for wire transfers, gift cards, or information.
  • The FBI has reported that BEC has cost victims more than $23 billion since 2016, with a 100% increase in losses between May 2018 and July 2019 alone.