ALL I WANT FOR CHRISTMAS IS YOUR CREDENTIALS

October marks the beginning of the holiday shopping season as holidaymakers prepare for year-end festivities. This jolly season unfortunately brings with it a far less pleasant time of year – phishing season. Distracted organizations, charitable givers, and busy shoppers make prime targets for cyber attackers looking to weasel their way into your wallet. Phishing incidents jump over 50% from the annual average between October and January. Bah! Humbug!

Here’s an early gift that will hopefully make your holiday season a bit less phishy. Be on the lookout. Winter is coming.

PHISHING TRENDS IN 2019

  • SAAS AND WEBMAIL PRETEXTING.
    • Phishing emails that purport to be from popular software-as-a-service (SaaS) and webmail services, such as Office 365, G Suite, and DocuSign.
    • To steal your credentials by presenting you with fake login pages, prime for credential harvesting.
    • A report by APWG found that SaaS and webmail services’ pretexting jumped by more than 15% between Q3 2018 and Q1 2019.
  • HTTPS PHISHING.
    • Malicious websites using SSL certificates.
    • To trick you into trusting malicious links, based on the misconception that a URL appended with “https” is safe.
    • A report by APWG found that between Q1 2018 and Q1 2019, the number of phishing websites using SSL certificates increased by more than 20%.
  • BUSINESS EMAIL COMPROMISE (BEC).
    • Phishing emails with no links or attachments that appear to be from someone within your organization, like your boss or a co-worker.
    • To convince you that the sender is someone you know and trust, in order to solicit compliance with requests for wire transfers, gift cards, or information.
    • The FBI has reported that BEC has cost victims more than $23 billion since 2016, with a 100% increase in losses between May 2018 and July 2019 alone.

Leave a Reply

Your email address will not be published. Required fields are marked *