“Phishmas” – its not that punny

30 Nov 2021 | News, Security

Whatever it takes to draw your attention to Cyber Security is worth it.

Just because we take time off at Christmas doesn’t mean the hackers do. They have taken a lot of heart from the way we have all embraced home-delivery for our shopping and are doubling down with fake courier notifications.  The problem is that these are getting harder and harder to spot.

(To help, we recommend anyone yet to sign up to our KARE for Security service to consider our cyber-security awareness offer )

With uncertain shipping, and delivery delays, hackers know people are more interested in tracing their courier packages than normal.

They are using brand impersonation to pretend to be anything from a courier company to a logistics business to lure you to click on their links.  Of course, the links are malicious and will do anything from trying to install malware to tricking you to handing over information (credential harvesting).  At this time of year,  even if you aren’t expecting a particular package, there is enough happening that it’s very tempting to see what is being delivered anyway, and busy people are the most vulnerable.  Even worse, if you are expecting a package, then you are even more likely to want to click!

Tips to prevent phishing:

  • Education – cyber-awareness -such as the training included with KARE for Security
  • Remind  your colleagues to check the email sender carefully – end-users to look at the sender, their email address and not just the display name
  • Hackers are getting better at grammar but its still often a clue
  • Hover the mouse over all links and double check they are legitimate, and the spelling is 100% correctly.  (Ironically that can be harder with the Office 365 safelinks)

Source:
https://www.avanan.com/blog/this-usps-spoof-shows-us-that-phishmas-is-upon-us