Holiday Season: Cybercriminals are Phishing All The Way

In this coming holiday seasons, while many get busy with shopping for their loved ones, threat actors are busy phishing all the way (pun unintended). As more information reaches the hands of retailers and sellers, the bigger chance for cybercriminals to promote and increase the frequency of their phishing attacks. This is not rocket science, in fact, the venerable email systems we are all using for decades continues to be the best way to steal information from unsuspecting users.

“Companies can help protect their users and businesses from becoming phishing victims by putting a good e-mail phishing and Business Email Compromise (BEC) strategy in place. Especially over the festive season, there is a dramatic rise in spam, promotional e-mails and phishing e-mails. For organizations who have a holiday break coming up over December, it is a good time to get a Phishing and BEC strategy in place, test the technology properly and get everything up and running while there are fewer people in the office, before the New Year starts,” explained Charl Ueckermann, AVeS Cybersecurity’s Chief Executive.

Information is money, especially in the age of big data, common folks release information just to do a mundane task like using a discount card in a retail store. Basic information such as full name, credit card data, bank information is stored in a non-secure magnetic stripe-based card still, with the slow adoption of EMV (Europay, Mastercard & Visa chip-based cards) cards in the global scale.

This information can be used for identity theft, using the reputation of the true owner of the information as a leverage to illegally transact on behalf of the real owner. Phishing is everywhere, and no antivirus product can stop it, as it takes advantage of a weakness that all computing platforms have, human users.

“The e-mails often contain a link to draw the recipient to a fake Web site, where they erroneously give away sensitive or personal information. Cybercriminals use this information to steal money, steal identities, steal business information and conduct all manner of fraudulent activities. It can impact users individually or the business as a whole,” added Ueckermann.

Email is a good medium if all its users are honest. It was designed by an engineer who just wants to share information with his colleague, no more, no less. It was not created to promote a product, a concept or to lure people to spend on things they don’t want. However, the technology’s growth has been unprecedented since the 1970s. It is when threat actors saw it as an opportunity to deceive people, either by double-clicking the malicious attachment it contains, directs the recipients to a harmful website or just persuading them to give up their personal information in order to ‘gain something in return.’

“When a phishing e-mail manages to get in, it is pretty harmless until the recipient opens it, clicks on links and ventures onto an unsafe Web site to disclose information they should not be disclosing. That is why it is important to educate employees about the dangers of phishing and how they put themselves, and the business, at risk,” concluded Ueckermann.