Corporate gifts, office parties, and other social engineering attacks to watch out for this holiday season
Five techniques for how businesses get scammed during the holiday season
As the holiday season approaches, the cybersecurity company NordLayer shares five intricate techniques for how businesses might get scammed. For example, with increased online shopping, cybercriminals tend to create fake websites that imitate those of the most popular retailers, or they may target businesses with more phishing attacks than usual. Corporate parties are also a target for social engineering attacks because of the relaxed mood, the possibility of tailgating, and costumes.
Corporate gifts
The festive season is a great occasion to thank business partners and colleagues for their year-long support. However, being in a rush and less attentive can lead to serious losses. When ordering business gifts, be aware of fake, “spoofed” websites of popular retailers.
For example, NordLayer, in its most recent research, discovered that hackers on the dark web mostly search for information about retailers like Target, Amazon, and eBay.
Carlos Salas, a cybersecurity expert, says, “Always check whether websites misspell the original name of the domain, use numbers instead of letters, or have a subdomain in the website URL code.” Sites that mimic the appearance of well-known retailers are stealing user data or payment information. “Lastly, if you feel generous this year, keep an eye out for dodgy-looking charity sites so that you don’t accidentally sponsor hackers instead of those who are actually in need,” he says.
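The three checks Salas lists (a misspelled name, digits in place of letters, the brand pushed into a subdomain) can be applied automatically to links in gift-order emails. The Python sketch below is an added example, not NordLayer's code; the brand-to-domain map, the digit-swap table and the sample `.example` URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Retailers named in the article; this brand-to-domain map is an assumption.
BRANDS = {"target": "target.com", "amazon": "amazon.com", "ebay": "ebay.com"}
# Common digit-for-letter swaps (constructed for this example, not exhaustive).
DIGIT_SWAPS = str.maketrans("01345", "oleas")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return the reasons a URL's host looks like a spoof of a known retailer."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Naive registered-domain guess: last two labels (ignores suffixes like co.uk).
    registered = ".".join(labels[-2:])
    name = labels[-2] if len(labels) > 1 else host
    subs = labels[:-2]
    if registered in BRANDS.values():
        return []  # genuine retailer domain, including its own subdomains
    findings = []
    for brand in BRANDS:
        if name != brand and name.translate(DIGIT_SWAPS) == brand:
            findings.append(f"digits instead of letters: {name} imitates {brand}")
        elif edit_distance(name, brand) <= 1:
            findings.append(f"lookalike name: {name} imitates {brand} on {registered}")
        if any(brand in label.split("-") for label in subs):
            findings.append(f"brand in subdomain: {brand} is not the real domain of {host}")
    return findings

# Constructed sample links; .example is a reserved TLD that never resolves.
SAMPLES = [
    "https://www.amazon.com/gp/cart",
    "https://amaz0n.example/gift-cards",
    "https://targget.example/checkout",
    "http://ebay.com.account-verify.example/login",
]
if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_url(url) or "no lookalike signs")
```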
Invoice scams
During the holiday season, scammers may impersonate the company’s executives and send emails requesting the purchase of partner gifts or employee awards. Another technique involves receiving invoices for purchases that you can’t remember making. “To make matters worse, all of these cases are usually time-sensitive, so you don’t have enough time to think twice before clicking,” Salas says.
Holiday greetings for employees
Phishing attacks surge seasonally. The holiday and tax seasons are among the most prominent times for phishing. Be aware of emails redirecting you to other websites. Always check for grammar errors and look at the sender's email because even the most innocent greeting might try to lure you into revealing sensitive data to the attackers.
“Employers might take into consideration just how dangerous this holiday season is by, for example, organizing a cybersecurity exercise for all their employees. Such training is always a good reality check and automatically makes employees more alert,” Salas says.
WFH risks
It is natural that during this time of the year, we want to spend time with loved ones and not in the office. However, as good as it sounds, without certain cybersecurity rules, working from home can be a challenge for some companies. To make it easier, Salas recommends a few actions to start with: “No matter where you or your employees work from, strong and unique passwords are a must.”
According to NordPass, as many as 70% of the passwords in this year’s global most common passwords list can be cracked in less than a second. “Also, have reliable internet security tools like a VPN and a firewall. Lastly, foster the right cybersecurity culture within your company, encourage transparent communication, and create a human firewall,” Salas says.
Office parties and social engineering
One of the most traditional ways to celebrate the end of the year is to host a holiday party at the office. While these celebrations do bring joy, they also provide opportunities for scammers to exploit the premises by tailgating or impersonating employees. Tailgating typically refers to the unauthorized following of someone through a secure access point, such as a door or gate, to gain entry to a restricted area. In the context of an office setting, tailgating could occur when someone without proper authorization follows an employee into a secure area, taking advantage of their access.
Also, if it is a costume party, criminals can try to blend in by donning a costume themselves. A relaxed and laid-back atmosphere can make such social engineering attacks highly successful, so ensure proper employee authorization at the office gates, allowing entry only “one-by-one.”