Editor’s Note: This is an article about phishing that you should share with your co-workers. But, even more importantly, you should share it with your vendors and anyone who has access to your systems.*
It's Sept 29, 2020. Your friends, co-workers, and bosses are about to be inundated with emails and ads for THE BEST DEALS OF THE YEAR. Amazon and Target are having their annual sales in the same week this year. The big sales will happen during Cyber Security Awareness Month and ironically will lead to cyberattacks.
The folks who phish will take advantage of the fact that people are expecting email related to the sales and will send emails with malicious links. Some of the emails will be obvious fakes, with misspellings and blurry logos. But criminals are getting smarter and some of their emails are copies of the real emails, with the links changed and well disguised.
At best, they will be after credit card numbers. At worst, they will be looking to inject malware (and, the hot malware of 2020 is ransomware, of course).
According to CSO Online:
- 94% of malware is delivered via email
- Phishing attacks account for more than 80% of reported security incidents
- $17,700 is lost every minute due to phishing attacks
Now that you’ve been warned, what should you do when you get the email about the REALLY GREAT LIMITED TIME DEAL ON THE INSTANT POT?
- Don’t click on emails about sales. If the deal is real, it will be on the Amazon or Target website. Just go directly there.
- Look closely at the sender. If it doesn’t look right, it probably isn’t. But even if it looks right, don’t click it.
- If the email has a promo code, just copy and paste (or better yet, just type) it into the checkout when you’re buying instead of clicking it.
- Keep your work and shopping separate. Work on your laptop and shop on your phone. That way, if you make a mistake, it is less likely to impact your co-workers and organization.
*At the top of this article is a note about sharing this article with others. During the pandemic, we have seen a huge jump in phishing attacks. People are not in the office, where they can ask others if they got the same email, they are mixing home & work daily, and most shopping is now online. Additionally, we have seen a huge jump in attacks on 3rd party providers. Even if no one in your organization clicks a malicious link, one of your service providers may click.
