We Phish You a Merry Christmas!

  • December 13, 2019 - by Drew Williams
Share Button

Tis the Season

… to be ALERT and AWARE!

Synoptek is seeing a dramatic rise in security compromises around the holidays and as we are in the middle of another holiday season shopping frenzy, now would be a good time to take extra care.

The 2016 holiday season saw a 20.5% increase in cyber attacks, which bloomed to 57.5% in 2017. Recent statistics/surveys show that half of all Internet users delete phishing emails as soon as they receive them, but 20 percent of us have fallen for the scams, with special focus fixed on the C-suite.

These numbers herald in the season of giving (and taking!) – a prevalent time for criminals to launch attacks. During the Holidays, phishing scams increase and so does the quality of these attacks. Email and text phishing are going to hit everyone a lot harder, and it’s not just in the U.S. Target markets for email phishing include an increase in activities (25% in India and 42% in France). Look, also, for an increase in robocalling, asking for “donations” to worthy causes. This is also a likely scam to get a target victim’s personal information (and if they can get into your wallet—all the better!).

Over Which River and Through Whose woods?

Cyber criminals will also exploit the data collected from breaches to discover which users to target for further compromise, and the use of Artificial Intelligence tools is now becoming more prevalent in their efforts to locate and exploit new and unsuspecting victims. Most users will probably ignore a call from an unknown number, but what about a call from a family member?

For that added personal touch this holiday season, cybercriminals are also creating more sophisticated scams by including family member caller Identification to further exploit their target victims. So be sure that really is “Grandma” on the other end of the line!

Keeping the Grinch Away

Malicious emails pretending to be legitimate communications from trusted contacts (like the CEO), is a growing trend in phishing efforts. The best remedy for this activity is a combination of process and technology that validates sender identities and alerts/blocks when something looks out of place.

Most Office 365 users, for example, might not know that without a standard email security protocol called Domain Message Authentication, Reporting, and Conformance (DMARC), their organization is open to the phishing attacks that target their staff AND their customers.  Implementing email authentication mechanisms such as DMARC/DKIM/SPF can significantly reduce a malicious actor’s ability to impersonate people within the organization. This is part of O365 and could greatly help the client.

People who are running Office 365 environments can learn more about DMARC settings here

What’s Behind that Elf on your Shelf?

Phishing only benefits bad guys if they gain access to the data they steal. That means there are clues in the client’s outbound traffic that can signal a security breach. Data or credentials aren’t compromised until after they leave the point of origin, and if destination traffic patterns show an increase in activity, particularly encrypted traffic, that’s a good indication that what’s coming down the chimney might not be big, fat, red and jolly. But for an organization that doesn’t have the capability of monitoring for this type of traffic anomaly, Synoptek’s preferred client-side anti-evasion Services can help keep Cindy Lou Who safe and tucked in her bed!

Also, our friends at the Federal Trade Commission remind us that we should protect our accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to an account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:

  • Something you have – a passcode you get via text message or an authentication app.
  • Something you are – a scan of your fingerprint or your eye.

Multi-factor authentication is often just enough trouble to keep the bad guys from continuing to chase you, forcing them to do their caroling down the road.

That’s not Jacob Marley Knocking!

We should all be a bit more leery of providing sensitive financial information online. But as long as you are making a transaction through a secure website, there shouldn’t be a problem:

  • Be sure you know who you’re dealing with BEFORE you submit any information (does that URL begin with “https”, and is there a closed lock icon near the address bar?).
  • For an extra measure (and to make sure there’s no phantom door-knockers), check for the site’s security certificate. If you get a message stating a certain website may contain malicious files, do not open that website!
  • Never download files from suspicious emails or websites. Even search engines may show certain links that may direct users to a phishing page that offers cheap products. Once you make a purchase at such a website, your credit card details will be on the open market with the cybercriminals.

What Happens when It Happens…

If you fall for the bait (and we all do at one point  or another), whether e-mail or text message, report it. The information you give can help fight the scammers.

  • If you think a scammer has your information, like your Social Security, credit card, or bank account number, go to IdentityTheft.gov. There you’ll see the specific steps to take based on the information that you lost.
  • If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software.
  • Contact your Synoptek Client Representative and schedule a Security Assessment and possible follow-up with a Security Scan.
  • you got a phishing email, forward it to the FTC at spam@uce.gov and to the Anti-Phishing Working Group at reportphishing@apwg.org. If you got a phishing text message, forward it to SPAM (7726).
  • Report the phishing attack to the FTC at ftc.gov/complaint.
  • And then call Synoptek. We’ve got people who can help!

While the holiday season is a great time to exchange gifts, some things are better left remaining in the crate. That “Major Award” might get you more than just a leg lamp in a box marked, “Frah-jee-lay”—and hopefully no one gets an eye put out!