Being the grinches that we are we thought that instead of giving you a gift this Christmas we’d give you a warning! You’ll get a lot of messages over the next few days and weeks wishing you season’s greetings. Amongst them though, will be well-wishers with more sinister motives. My family has already received a scam SMS: it told us we had a package with an outstanding duty payment on it (of $2) and we just needed to follow the link to pay the amount and release our package. This is pretty typical of delivery scams that many kiwis are receiving at the moment. Luckily we had a bit of skepticism and a handy cybersecurity expert to seek advice from!
Cybercriminals are smart – knowing that people do lots of online shopping at this time of year and that we are all receiving unannounced parcels from overseas, they inundate us with fake SMS and email phishing attacks. You can be sure that there will also be other Christmas-themed attacks – these people know that at this time of year we are more inclined to click on silly-looking email links (e-cards, greetings, games…) and they will exploit this.
But it’s not just consumer and personal attacks to be aware of. During any extended holiday period, certain criminal gangs step up their efforts – especially if they come from a culture or country where this holiday isn’t a big thing. They know that security teams will be poorly staffed and that anyone still at work probably only has half their mind on the job, and they will use this to help them gain access. Heightened demand during Christmas will also increase the vulnerability of certain industries (e.g. retail, online shopping), especially to ransomware and DDoS attacks.
Luckily there are some simple things you can do about this:
- Run a seasonal awareness programme before the break. Even if it’s just a simple email or blog post, make your team aware that this happens, and let them know what to do about it. Ideally have a plan in place to run these campaigns well in advance.
- Understand whether your organisation has an increased risk profile during Christmas. If it does, put in place some mitigations.
- Have plans for incidents and advice during the holiday period. Make sure there is some security expertise available if something does happen.
But don’t call me – I’m at the beach!
Like Doug, the Axenic team is taking a break between December 18 and January 5, but for any emergencies you can always get Terry on 021 912 739.