CISA Warns Users to Be on the Lookout for Holiday-Themed Digital Attacks
Blog
Thought Leadership
CISA Warns Users to Be on the Lookout for Holiday-Themed Digital Attacks
David Bisson
The Cybersecurity and Infrastructure Security Agency (CISA) has warned users to be on the lookout for email-based scams and other attacks this holiday season. At the same time, according to the latest findings by AppRiver, a full 82% of SMB executives estimate “many” of their employees will shop online during this time with a device used for conducting business. Among these execs, 61% shockingly admit that while they know this poses cybersecurity risks they believe there isn’t much they can do about it. Fortunately, this isn’t necessarily the case.
On Nov. 8, CISA warned consumers “to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online.” The Agency specifically notes that malicious actors could send holiday-themed emails and e-cards containing malicious links or attachments. It also points out that digital attackers could send spoofed emails that appear to come from charities.
CISA then recommends that shoppers heed four general pieces of advice during the holiday season. These guidelines are as follows:
KEEP A LOOKOUT FOR SUSPICIOUS EMAIL ATTACHMENTS
Digital attackers commonly turn to email attachments as a means of sending malware via a variety of file types and infecting numerous machines at once. In response to this threat, consumers should think twice before opening an unsolicited email attachment, scan attachments before opening them and disable the ability of their machines to open attachments automatically. They should also implement additional security best practices such as implementing software patches and keeping anti-virus software installed on their machines.
DON’T FALL VICTIM TO A SOCIAL ENGINEERING ATTACK
Malicious actors use social engineering attacks to exploit human weakness and trick consumers into doing something that compromises their machines. These attacks commonly employ phishing emails, vishing calls and fraudulent SMS messages to lure users in. With that said, consumers should be suspicious of unsolicited emails, text messages and phone calls. They should also never provide their personal or financial information to a person whose identity they have not confirmed using other means of verification.
EXERCISE CAUTION WHEN SHOPPING ONLINE
Whenever the holidays roll around, digital criminals make a point of creating fake websites and email campaigns that capitalize on consumers’ interest in finding a shopping deal. These items often appear legitimate so as to trick users into supplying their personal and/or financial information. Other times, they infect users’ machines with malware to intercept their electronic financial transactions locally. Given these risks, consumers would be wise to shop with only reputable vendors that have a reputation of encrypting their customers’ financial transactions. Consumers should also shop online using a credit card and not a debit card, as consumers are less protected in the event that their debit card details are stolen and fraudulently used by criminals.
DO YOUR DUE DILIGENCE BEFORE DONATING TO A CHARITY
Not all malicious websites and email campaigns leverage a fraudulent shopping deal. Some capitalize on natural or humanitarian disasters to convince users into donating to a fraudulent charitable organization. To defend against this type of scam, consumers should do their due diligence and research a charitable organization’s reputation before they decide to donate to it. They should also refrain from donating if they feel in any way that “representatives” of the charity are pressuring them into submitting a donation as soon as possible and are making vague statements about how their donations would be used.
MULTI-LAYERED EMAIL SECURITY: THE PERFECT HOLIDAY GIFT
Clearly, the holidays are rife with numerous digital threats that can put organizations’ systems and data at risk if their employees fall victim to one. Organizations should therefore take steps to counter these threats by using security awareness education to educate users about phishing attacks and social engineering campaigns. With the knowledge that even educated users sometimes make mistakes, they should also leverage a sophisticated security solution that analyzes incoming email messages at multiple levels in real time while allowing legitimate correspondence to reach their intended destination.