
7 Tips to Avoid Holiday Scams for Businesses

November 17, 2022


You may already know that holiday scams run rampant at the end of the year. It is unfortunately easy for bad actors to take advantage of the increased trust and goodwill many people experience during the season. But did you know these increased attacks can have a profound impact on your business as well?

In this blog, we’ll review seven tips for avoiding scams around the holidays (or any other time of year) that are effective and useful for your overall organization and the individuals who make it great.

The holiday risk only increases when your employees work while traveling home. Help them keep your organization safe with the tools in DOT Security’s Cybersecurity Checklist for When You’re on the Go.

Are There Really That Many Holiday Scams?

Yes, there’s a dramatic increase in attacks and scams during the holiday season. There is a 30% increase in ransomware attacks during the holiday season compared to the monthly average, and a 70% increase in attacks in November and December compared to January and February, according to Darktrace.

Unfortunately, while the holidays are known to be a particularly dangerous time, businesses do not prioritize cybersecurity, leaving themselves vulnerable to attack.

Below, enjoy our holiday-themed animated video of what can happen when a hacker attempts to use phishing to steal data. DOT Security wishes you secure holidays!

Why Are Holiday Scams So Common for Businesses?

There are two main reasons bad actors increase attacks during what should be the season of goodwill.

Online shopping opens up opportunities for all kinds of holiday scams. These can include fraudulent auctions, unsecured ecommerce websites, and emails that are easy to imitate in phishing attacks.

And if a member of your organization makes an honest mistake and an attacker slips in, there’s no guarantee the experts will be around during the holiday season to handle the problem. 86% of cybersecurity professionals have had to miss holidays or weekend activities with family to handle an incident, according to one Cybereason report.

Nearly three-quarters of respondents also admitted to being intoxicated when these issues arose.

Bad actors are aware of these factors, which is why they increase their attacks at the end of the year. In fact, the Cybersecurity & Infrastructure Security Agency (CISA) has even released an alert for businesses about increased attacks when offices are closed.

Tips to Avoid Holiday Scams


1. Learn to Recognize Phishing Attempts

Phishing is one of the most common attack vectors, and for good reason: it’s extremely economical for hackers. It’s easy for them to send out millions of spam emails, and they only need one to succeed in getting what they need.

Make sure that one is not in your organization by training your employees to recognize a phishing attempt. The top things they should be looking for include:

  • Most phishing attempts are in the form of unexpected emails that need you to take action
  • These messages are often rife with spelling errors
  • There is a heightened sense of urgency
  • When in the form of emails, they come from a domain name that doesn’t match the one the sender would typically have: instead of ABCcompany.com, it will read ABcompany.com
  • The message says a given link leads to one website, but when you hover your mouse over the linked text, it actually leads somewhere else

Phishing emails from organizations pretending to be shipping companies sending “information about your order” are a particularly popular holiday scam. Learning to recognize and avoid these attacks will go a long way towards keeping your company safe.
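The sender-domain and link-hover checks from the list above can also be run automatically on a reported message. The following Python is an added example, not DOT Security's code; the trusted-domain list, the 0.85 similarity cutoff, and the sample message are assumptions constructed for illustration.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"abccompany.com"}  # assumption: the domains your real senders use

def lookalike_of(sender, trusted=TRUSTED, cutoff=0.85):
    """Return the trusted domain that the sender's domain closely imitates, or None."""
    domain = sender.rsplit("@", 1)[-1].strip("> ").lower()
    hits = difflib.get_close_matches(domain, sorted(trusted), n=1, cutoff=cutoff)
    return hits[0] if hits and domain not in trusted else None

def host_of(value):
    """Hostname named by a URL or a bare 'host/path' string, else None."""
    value = (value or "").strip()
    if not value or any(c.isspace() for c in value):
        return None  # ordinary link text such as "Click here" names no host
    try:
        host = urlparse(value if "://" in value else "//" + value).hostname
    except ValueError:
        return None
    return host if host and "." in host else None

class LinkAudit(HTMLParser):
    """Record links whose visible text names one host while the href goes to another."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, actual = host_of(self.text), host_of(self.href)
            if shown and actual and shown != actual:
                self.mismatches.append((shown, actual))
            self.href = None

def audit_links(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.mismatches

# Constructed sample message (not a real email): fake shipping notice.
SENDER = "Shipping Updates <tracking@abcompany.com>"
BODY = '<a href="http://parcel-status.example/login">www.abccompany.com/track</a>'
```

`lookalike_of(SENDER)` flags the one-letter-off sender domain, and `audit_links(BODY)` returns the pair of hosts where the displayed link and the real destination disagree.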


2. Ensure Online Shopping Sites are Legit

Purchasing gifts from small businesses for office gift exchanges is great! But when you do, make sure the site you’re buying from is legitimate and well-secured. It’s too easy to show a picture of one product online and then ship another (if something gets sent at all) or send something in much worse condition.

If in doubt, check with the Better Business Bureau (BBB) to see if others have filed complaints against the company.

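Also be cautious of the vendor’s online cybersecurity. If they have an HTTP web address instead of HTTPS, for instance, or don’t have any method of securing your credit card number, you may not want to trust them with such sensitive information. Keep in mind that HTTPS only shows the connection is encrypted; scam sites can obtain certificates too, so treat it as a minimum requirement rather than proof of legitimacy.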

3. Be Careful With How You Pay Online

Some people prefer to pay for goods and services directly from their bank account so they’re always aware of how much money they have. While that may make sense from a personal accounting perspective, it’s not recommended from a security perspective.

If you do end up getting scammed, you can dispute the charge with your financial institution if you made it through a credit card. But that’s not possible if you send the money directly via wire transfer. Once scammers have the money, it’s theirs.

Additionally, one of the guiding principles of secure data protection is not allowing anybody access to more data than they need to do their job. Don’t provide information about your personal or business bank account when all a vendor needs is an easily replaceable credit card number.

4. Check Before Updating Accounts and Passwords

While it’s a good idea to regularly update your passwords to avoid compromise, around this time of year, verify why you’re doing it. A legit reminder from your IT or cybersecurity team is a great reason to switch it up. But some phishing attacks, instead of asking you to download something, will try to trick you into sharing sensitive information under the guise of “updating it.”

A very common holiday scam is a fake message from a shipping or ecommerce company asking you to change your password or other account information. If you get a suspicious email like that, confirm that the change is actually required without clicking any links in the message. We recommend calling the business, if possible.


5. Research Charities Before Giving

Fake charities in fiction are an excellent device – The Human Fund from Seinfeld is a classic. Unfortunately, they crop up occasionally in real life as well, where they are much less fun. The holidays are a season for giving on both a personal and corporate level, but when you do, research the organization to ensure they are worthy of your donation.

Some fake charities will just take your money and send very little to the people or causes that need it. Others will also steal your information. You can research these organizations through the BBB, just like any other corporation, as well as through Charity Navigator or similar services.

6. Don’t Online Shop in Public

As convenient as public Wi-Fi is, since everyone can access it, bad actors can get on at any time. Someone who knows what they’re doing can easily use a shared connection to unsecured public Wi-Fi to get into one of your endpoints. And if those endpoints are also connected to your company’s environment, they then have access to your entire network.

But an attack doesn’t even have to be that complicated. Anyone looking over your shoulder can simply see you typing your email address, password, mailing address, or credit card information. As we’ve discussed, most breaches occur due to human error, and it’s usually as innocent as this.

7. Implement a 24/7 Cybersecurity System

With a little extra cybersecurity awareness, many of these holiday scams are easy to avoid. But since the number of attacks rises when experts are out of the office, one of the best ways to keep your organization safe is to ensure there is always someone who has an eye on your network.

This kind of service doesn’t need to be part of your individual business. It’s just as effective to work with an MSSP like DOT Security as it is to hire your own cybersecurity analysts. So long as there is someone reviewing alerts, you can catch and remediate breaches quickly, limiting their damage, during this or any other time of year.

Bottom Line

Individual and organizational cybersecurity are inextricably tied together, so as the number of holiday scams against individuals rises, so does the risk to your business.

However, by training your staff to spot and report attacks, and by having a little extra awareness of the implications of your actions, you can make sure the end of this year is truly joyous and bright, not marred by attack and compromise.

Take the next step to stay safe this holiday season by making sure the other layers of your cybersecurity strategy are strong enough to support employees working from home while visiting family.

Download DOT Security’s Cybersecurity Checklist for When You’re on the Go today to make sure you’re covered before they go on vacation.