“During Q4 over the past three years, the number of unique phishing sites detected has increased each month but the number of phishing reports over the same time has declined”
“Oh! What a wonderful time of the year”, as the song goes. Christmas is that occasion in the year that we all look forward to – time off work, spending time with the family and the occasional drink or two. Yet for many, they receive a lump of coal because they’re unable to distinguish a Santa from a Grinch in their inbox because of Phishing emails.
Phishing is the method by which criminals and fraudsters try to either pilfer your data, steal your login credentials, or trick you into downloading malware.
If you aren’t vigilant, you could make the grave error of interacting with a phishing email which could mean that your Christmas is more Nightmare Before Christmas than Buddy the Elf.
According to an Action Fraud report, 23% of people who receive phishing emails open them and with fraudsters becoming more and more subtle with their emails, it is vital that you are extra vigilant of these emails over Christmas.
Being able to avoid a phishing email is simple and we’ll guide you through the world of phishing, how to avoid being hooked and why you should care at Christmas.
What is Phishing?
Phishing involves scam emails being sent to you by fraudsters with the aim of stealing personal information, login credentials or bank details. These emails more often than not mirror that of brands you trust, luring you into a false sense of security or by scaring you into giving away your details.
Each year, phishing is becoming more and more common, with the latest figures from APWG showing that the amount of unique phishing sites being detected reaching over 158,000 a month.
Why should I care about phishing during the Christmas period?
Phishing is becoming more sophisticated and targeted by the year, as a new phishing attacks claim waves after waves of victims each time. These emails aim to target the widest amount of people possible for financial gains; during Christmas these aims use our Christmas habits as a framework to con those who are less educated in phishing.
Misleading communications cause a few headaches over the Christmas period as emails target those looking for a pre-Christmas bargain to treat family and friends, and the kindness of contacts sending e-cards or e-gifts.
In a month where we do kind gestures and show our gratitude towards others, naivety can take over your weariness to phishing emails which is why we must stay vigilant to the possibility that not all emails are as genuine as they may seem – it’s this very reason they are so successful.
Yet, during Q4 over the past three years, the number of unique phishing sites detected has increased each month but the number of phishing reports over the same time has declined according to APWG reports.
A worrying trend has evolved where the end of the year has become the time of year in which people start neglecting phishing emails and stop reporting them, despite evidence suggesting that unique phishing websites are increasing year-on-year in December.
Much like the red-coated, beard wearing fellow from Lapland, cyber criminals don’t have the Christmas period off. Fraudsters want to have a great Christmas with their families just like you, so they work extra hard over this period to make ends meet. Keep a lookout for these emails in your inbox when at work because it isn’t just your personal email accounts that are targeted. Better education into phishing will either force the fraudsters to drastically change their approach or give up because they aren’t making any money.
How do I spot a phish?
Bob’s Business consultant/resistant social engineer, Richard De Vere, wrote a blog showing how to phishing emails can fool you by slighting changing just one or two characters in a web address to those found in the Russian alphabet which can be found on the Yorkshire Cyber Security Cluster website.
Our ‘Phishing Fears’ module details the steps you can take make sure that you don’t lose out by spotting the common traits that many phishing emails follow.
We also recommend you follow this tips when you receive an email you weren’t expecting:
- Always shop at reputable sources – if you’re unsure as to whether the email is real, search for the shop on Google
- Disable images in your inbox to make sure that no e-cards or e-gifts that are infected with malware can infect your computer
- Check the email address. While the email might look reputable, the email address most probably won’t
- Hover over any links in the email and check the URL in the bottom left of the screen. If it looks like a long, random set of numbers and letter then, it isn’t secure
- Check for spelling mistakes – it’s common for phishing emails to contain poor spelling and grammar
- Maintain strong desktop hygiene – make sure that all programs, operating systems and antivirus are up-to-date with the latest version
- Report any phishing email to receive to your IT team
- Think Before You Click – be vigilant and aware
Bob’s Business offers bespoke phishing awareness campaigns with the aim of training your staff to spot phishing emails. Our highly effective campaign involves sending a series of phishing mock ups to your employees, anyone who clicks on the emails is redirected to our training module which adds comprehensive, meaningful learning to the exercise.
For more information about our ‘Think Before You Click’ service, follow here or contact firstname.lastname@example.org
Where can I find Bob next?
Bob’s Business will be attending the Christmas Yorkshire Cyber Security Cluster meeting on 21st December at Royal Armouries, Leeds. This particular meeting is family friendly, so children are welcome as we will be discussing how to keep children safe on the internet. You can sign up for the free meeting on the Eventbrite.