All I want for Christmas is Your Credentials
Cybersecurity Threats during the Holidays
October marks the beginning of the holiday shopping season as holidaymakers prepare for year-end festivities. This jolly season unfortunately brings with it a far less pleasant time of year – phishing season. Distracted organizations, charitable givers, and busy shoppers make prime targets for cyber attackers looking to weasel their way into your wallet. Phishing incidents jump over 50% from the annual average between October and January. Bah! Humbug!
Here’s an early gift that will hopefully make your holiday season a bit less phishy. Be on the lookout. Winter is coming.
- SAAS AND WEBMAIL PRETEXTING.
- Phishing emails that purport to be from popular software-as-a-service (SaaS) and webmail services, such as Microsoft 365, G Suite, and DocuSign.
- To steal your credentials by presenting you with fake login pages, prime for credential harvesting.
- A report by APWG found that SaaS and webmail services’ pretexting jumped by more than 15% between Q3 2018 and Q1 2019.
- HTTPS PHISHING.
- Malicious websites using SSL certificates.
- To trick you into trusting malicious links, based on the misconception that a URL appended with “HTTPS” is safe.
- A report by APWG found that between Q1 2018 and Q1 2019, the number of phishing websites using SSL certificates increased by more than 20%.
- BUSINESS EMAIL COMPROMISE (BEC).
- Phishing emails with no links or attachments that appear to be from someone within your organization, like your boss or a co-worker.
- To convince you that the sender is someone you know and trust, to solicit compliance with requests for wire transfers, gift cards, or information.
- The FBI has reported that BEC has cost victims more than $23 billion since 2016, with a 100% increase in losses between May 2018 and July 2019 alone.