As most families come down off of the exhilaration of Christmas and New Year’s and pack up the holiday decorations for another year, it’s important not to let your guard down when it comes to security. The bad guys still have a few tricks up their proverbial sleeves, and they’re always looking for an angle to exploit.
The holidays are always a time of increased email spam and phishing attacks. Many consumers shop online and there is an exponential spike in shopping transactions, bank activity, and shipping confirmations and updates. Attackers take advantage of the increased volume of email and financial activity to target potential victims.
Now that the holidays are behind us, though, the opportunity for attackers still exists—just slightly modified. The initial shipping of gifts may be over, but hunting down packages lost in transit, returning broken or unwanted gifts, and sifting through receipts and credit card statements is just beginning. Kevin Routhier, founder and CEO of Coretelligent, explains, “Organizations and consumers alike should remain vigilant and watch out for spam and other forms of malicious emails disguised as order, shipping or return notices. These might appear to come from valid vendors like BestBuy, Target and Walmart, for example, but they’re often times easily recognizable as scams.”
Avoiding these scams can be tricky sometimes, but for the most part it’s a matter of simple common sense. Messages with poor grammar and obvious spelling errors most likely did not originate from a legitimate source. Another easy way to detect spam or phishing attacks is to look at the “From” address or URL of any links included in the message. Most are obviously wrong, but you do need to pay close attention for domains that appear to be close to the legitimate one—such as Wallmart.com instead of Walmart.com, or BestBuy.shadyphishingscam.com instead of just BestBuy.com.
Routhier points out that there is another potential security concern to keep in mind: Hackable gifts. The recent hack of VTech—a maker of popular electronic toys and educational gadgets—is evidence that attackers have no qualms going after such targets. Connected devices like baby monitors, home security cameras, or even Hello Barbie all represent potential targets for attackers looking to hack your holidays.
None of this is necessarily unique to the holidays. The sheer volume of emails and financial transactions simply makes it easier for attackers to blend in and raises the odds that a potential victim will open a file attachment or click a malicious link. The advice for how to avoid email spam, phishing attacks, and other malicious exploits applies all year long, but it pays to be especially vigilant during the holiday season and its immediate aftermath.