
14 Nov, 2020

Information Security E-Newsletter: November 2020

Black Friday may look very different this year. In fact, hackers are banking on it.

The holiday rush will play out in the digital space this year, and consumers have let their guard down in search of normalcy and routine. Count on hackers to have saturated the digital marketplace with businesslike communications to lure consumers. They’ll use practical messaging, like “your package is on its way,” “click to confirm,” and even “we’ve been trying to reach you,” by way of emails, text messages, or vishing.

Email campaigns are easy to duplicate and can leave you scratching your head. Ten years ago, the graphics were pixelated and the content was riddled with errors. You wouldn’t think twice before deleting an email offering free Rolexes or Viagra – and even reporting it as spam. Those same spoofed sites that collect credit card data, log-in credentials, and personal information are still in existence, but today, programmers capture the website data through code and essentially duplicate websites to mislead consumers.

Text messages are more insidious because they come to the palm of our hand with short, “click here to confirm” links. Along with vishing, a combined voice and phishing scam in which the criminal seeks out personal information, the latest technologies create a new risk. Both are forms of social engineering and attempt to persuade consumers to divulge information during the bustle of the holiday season.

Organizations are at risk, too. Zipped files and malware attachments come disguised as “the files you requested” or time-sensitive invoices, and give hackers access to email accounts that they’ll use to target the company’s customers. By infiltrating the supply chain, hackers will use information from the target’s suppliers and vendors to mimic the trusted partner.

Hackers have leaked billions of username and password combinations from hundreds of companies over the past five years, and ‘tis the season. In an attack known as credential stuffing, cyber criminals try these credentials against other online accounts. Make sure you are ahead of this year’s schemes.

  • If the message is authentic, it will come from the sender’s domain.
  • Refrain from using “click here to report as spam,” because some attacks are more inconspicuous. Instead, use the junk mail or block sender feature through your email provider.
  • Note that neither the bank nor its trusted providers will call and request identifying information.
  • Don’t respond to any prompts or to voicemail, email, or text messages. Do not click on any unsolicited shortened URLs, such as bit.ly links, or cloud attachments.
  • Cyber criminals take advantage of vulnerability. Timely threats this year included scams regarding stimulus checks, the coronavirus pandemic, and remote work.


Disclaimer

This publication attempts to provide timely and accurate information concerning the subjects discussed. It is furnished with the understanding that it does not provide legal or other professional services. If legal or other expert assistance is required, the services of a qualified professional should be obtained.
