Learn How a Good Deal for Your Employees May Become a Bad Ordeal for Your Organization
Your employees may not be shopping while they work, but they are turning to online retail for their holiday shopping. This year more than ever before, people are counting on online deals to make their holiday wishes come true. Special offers on Black Friday or CyberMonday look more tempting than ever, particularly as we face uncertain economic times.
Did you know that employees who work from home are more easily distracted? Hackers know that too! They are aware that employees are more vulnerable to phishing emails, so it’s no wonder we have seen them spike in recent months.
What is unique about phishing emails on Black Friday?
Black Friday and CyberMonday phishing emails tend to showcase amazing deals. Oftentimes these offers use emotional tactics to lure consumers into clicking offers that don’t really exist. Consumers expect deals, so phishing emails on Black Friday focus on deals more than any other type of scam.
Why do cybercriminals launch more phishing attacks during Black Friday?
Employees are also consumers when they’re “off the clock” and can be dazzled by enticing offers. When it comes to phishing emails they are all carefully crafted to maximize the chances of you clicking on them.
Popular Black Friday Phishing Examples Include:
- Notification emails that say the user’s account is locked, disabled, or will be deactivated.
- Fake emails that look like familiar sites, but lead to fake websites, designed to acquire users’ login and password credentials.
- Legal extortion emails claiming to have knowledge of legal violations and threatening to expose them.
- Technical support fraud, with the most classic example being “you have a virus.”
- Social media impersonation scams that use fake or real social media profiles to approach “friends” for money.
- Spear phishing attacks, when someone the user knows and trusts , then try to divulge secrets or prompt the user to send money.
It’s common for Black Friday phishing scams to play directly into people’s emotions. This is commonly achieved by careful personalization of the message being sent, and tying it to real life events.
Watch Patrick Watson, Security and Privacy Architect Expert, describe the moment hackers launched a personalized phishing attack against his employees
Amazon Phishing Email and Amazon Scam Emails
Amazon is one of the brands people trust the most and criminals use this trust to catch Amazon customers off guard. One of the most common complaints in the world of scam emails is Amazon phishing emails. An Amazon phishing email looks just like an email from Amazon at first glance, which is why it’s so tricky to spot the difference. Phishing is designed to confuse, but if you follow these rules, you can learn the difference between an Amazon phishing email and a real email from Amazon.
Top Tips on Recognizing Amazon Phishing Emails
- Real emails from Amazon come from Amazon.com domains, not “[email protected]” or other domains like @gmail, etc.
- If you’re not sure about an email do not click links or open attachments.
- “The real Amazon” would l never ask you for personal information by email, text, phone or other communication. For example, your social security number, tax ID, bank account number, credit card number or security questions.
- If a Black Friday offer seems too good to be true, it probably is.
PalPay Phishing – Fake & Scam Emails from PayPal
PayPal is one of the fastest growing payment methods, with an estimated 346 million active users in 2020 trusting PayPal. So it’s no surprise that PayPal users are a target for cybercriminals with PayPal phishing schemes. If you think you got a PayPal phishing email you’re not alone.
Top Tips on PayPal Phishing Emails
- Real emails come from @paypal.com and never from other domains like gmail, hotmail or names that look similar to PayPal but are not PayPal.
- If the email is asking you for personal information, it’s not from PayPal.
- To report phishing emails from PayPal, forward the entire message to [email protected]
- Do not open or click on anything in an PayPal email you suspect is fake.
Other Black Friday Cyber Attacks
While Amazon and PayPal are the two biggest companies we commonly see phishing emails from during the shopping season, cybercriminals use many other brands and tactics in their activities.
Top Tips to Recognize Phishing Emails
- The sender has a trusted name in the display name, but the email address is different.
- The message seems a bit ”off”, despite it appearing to come from a recognized brand or someone you are familiar with.
- The message is unexpected – you’re not expecting the email, request, or task from the sender.
- The email lacks important details that you’d expect to see in an “official email” (signatures, logos, links, etc.)
- The sender requests personal information or asks questions that sound out of place, like a phone number or ID verification questions.
Anyone can fall victim to phishing emails. Training and Learning are the only proven method to actively help employees and managers differentiate between real emails and phishing emails.
As cyber criminals get more sophisticated every year, it’s hard to constantly keep up. It’s no surprise that people from all walks of life and levels of security experience find themselves a victim to phishing emails. While implementing email security technologies is essential in any organization, only continuous employee training can build resilience and strengthen the “second line of defense” – your employees.
Some complementary resources for training employees on identifying and mitigating cyber attacks can be found here to help you get started.
Have a fun Black Friday and a safe shopping experience!