The Holidays are a Wonderful Time to Phish

…and no, we don’t mean going to a Phish show. Cybercriminals are opportunistic, and the holidays are a time when we are all rushed, excited, and a bit mindless. The perfect combination of variables align in our daily lives, so cybercriminal wait in prey. Their bait? Emails that look like they are from Amazon and other e-retailers providing coupons, offers and bonuses. One click, you sign on, and that’s all she wrote. The cybercriminals have your Amazon credentials, and if they match your email credentials, they’ll help themselves to your inbox and cloud storage too. Santa might be giving them coal this year, but who needs Santa when you have full access to someone’s Amazon account and inbox?

Happy Holidays, You’ve Won Front Seat Tickets to the Phish(ing) Show

Every year, we see troves of fake emails from Amazon, Fedex, UPS, Amex, etc. Sometimes the cyber criminals are so good, these emails even fool SPAM filters. Beyond the risk of losing your personal credentials, phishing emails can also be malicious. If a cybercriminal is going to take the time to setup a phishing scheme, they might as well add malware to the mix. When people open up personal emails on business networks, the risks increase dramatically. You submit credentials, then there’s a weird download that starts automatically. Before you know it, the cybercriminal has backdoor access into your PC, which in turn, gives them access to your network.

Common Exploits and Vulnerabilities

Cyber criminals don’t just look for vulnerabilities in computers, they need unsuspecting people to be vulnerable first. They do this by taking advantage of our emotions. During tax season, calls and emails from fake IRS scammers and fake government officials catch us off guard and feed into some of our worst fears. What’s worse? Sometimes these scams are more targeted and deliberate than you’d expect. Personalizing phishing emails and calls adds a scary element, “How do they know so much about me?” Well, most of the information is available on Linkedin and other dark corners of the internet.

What can you do?

Here’s the thing, even those of us who know IT can be fooled. Security needs to be layered. Falling prey to phishing attacks, clicking the wrong links and accidentally submitting credentials on the wrong site is all too easy. Just telling people not to click anything that looks phishy won’t help. Most of the emails look legit, so businesses can’t rely on user training alone to be a foolproof solution.

First, a strong firewall and email scanning system can prevent the worst emails from originating in a business inbox, but there’s still personal inboxes to worry about. Traditional perimeter security can help, but this is where up to date malware and virus scanning on each PC becomes critical. Next generation firewalls can detect malicious links, but if something slips through a traditional firewall, next generation malware and antivirus scanners will detect viruses and malware before they become an issue.

Intuition Managed Services will take care of most business’ security concerns, but beyond our standard Intuition Managed Services platform, we also created Intuition Security+ to make hardened security easier for businesses and users. We added the following new security features:

  • Single Sign-on + Multi-factor Authentication
  • DNS Internet & Web Application Monitoring, Filtering & Protection
  • Security Awareness-Risk Management End User Training
  • Enhanced Network, Services & Device Performance Monitoring & Management
  • Corporate & User Policy Templates & Management

If you want a gift that keeps on giving? Click for more security instead of less.