Are you ready to protect your company against Black Friday phishing scams?

By Aby David Weinberg
November 06, 2022 | 3 MIN READ

Hackers are always looking to get their hands on sensitive data. Black Friday and Cyber Monday are particularly appealing for hackers due to the surge in shopping. Shoppers’ eagerness to find the best deals is what makes them easy targets for hackers. Scammers, in turn, use the same “advertising tactics” as retailers during the shopping season, which makes it easier for them to make wild claims without appearing too fraudulent.

The Main Threat – Phishing Emails

The Cybersecurity and Infrastructure Security Agency (CISA), which operates under the Department of Homeland Security, issues a warning each November, right before Black Friday. The alert reminds users to be aware of seasonal email scams and malware campaigns: “Users should be cautious of unsolicited emails that contain malicious links or attachments with malware…which could result in security breaches, identity theft, or financial loss”.

According to F5 Labs, phishing season ramps up in October, with incidents jumping over 50% from the annual average. They urge readers to “be on the lookout now and warn your employees to do the same”.

Why are phishing emails such a big threat this time of year? Malicious emails try to motivate victims to take action fast. They might offer a limited-time deal or a low price that is hard to turn down, trying to get targets to act before they think. Shoppers’ motivation to find the best deals becomes a big vulnerability.

This risky business can easily affect more than just those trigger-happy individuals. Employees often check their personal email on their work computer, so whether the phishing email has been sent to the organization domain or to their personal inbox, that one hasty click can put your organization at risk of a serious data breach.

The Innocent-Looking Email and Alarming Signs to Watch For

CISA is warning users of unsolicited emails – so what are some of these warning signs we should all be aware of? Let’s look at this phishing email which offers attractive Black Friday Deals from Amazon – the number one online retailer in the world:

This email announces early Black Friday Deals with some affordable items, designed to appeal to the majority of consumers. The logo looks legit, and the familiar Call-to-Action to join Amazon Prime makes this email appear valid.

However, if you look more closely, you will notice several red flags that are common phishing tactics:

  1. The sender gains your trust by offering you a personal benefit
  2. The sender’s email address does not match the brand it claims to represent
  3. Hovering with your cursor over the link will display an address not related to the sender’s name
  4. This email doesn’t look like one sent from a known source
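
Red flags 2 and 3 in the list above can be checked mechanically by a mail filter or a triage script. The following is an added example, not part of the original article: the sample message, the `BRAND_DOMAINS` map and the function names are constructed for illustration, and it assumes the brand is claimed in the sender's display name.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brand keyword -> domains that brand legitimately sends from.
BRAND_DOMAINS = {"amazon": {"amazon.com"}}
# Constructed sample message for illustration (not a real email).
SAMPLE = """\
From: "Amazon Deals" <offers@deals-mailer.example>
Subject: Early Black Friday Deals
Content-Type: text/html; charset="utf-8"

<p>Join <a href="http://prime-signup.example/login">Amazon Prime</a> or see
<a href="https://www.amazon.com/deals">today's deals</a>.</p>
"""

def host_in(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):
    """Collect the href of every <a> element (what hovering reveals)."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def red_flags(raw):
    """Return (kind, domain) pairs for red flags 2 and 3."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    allowed = {d for b, ds in BRAND_DOMAINS.items() if b in name.lower() for d in ds}
    if not allowed:  # display name claims no known brand
        return []
    flags = []
    sender = addr.rpartition("@")[2].lower()
    if not host_in(sender, allowed):
        flags.append(("sender", sender))
    body = msg.get_body(preferencelist=("html",))
    links = LinkCollector()
    links.feed(body.get_content() if body else "")
    for parts in map(urlsplit, links.hrefs):
        if parts.scheme in ("http", "https") and not host_in(parts.hostname, allowed):
            flags.append(("link", parts.hostname))
    return flags
```

The suffix match in `host_in` requires a leading dot, so a look-alike host such as `amazon.com.evil.example` is still flagged.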

The Answer: Changing Employee Behavior

So now you know. But what happens next time a phishing email lands in your inbox and you’re skimming through it in a rush? And furthermore, what happens the next time a phishing email makes it through to your employees’ inbox?

Recognizing and avoiding phishing emails requires a change in behavior that can only be achieved through training. Training helps to improve reflexes and builds muscle memory so we immediately respond to a certain trigger in the desired manner. To achieve behavioral change, the training experience itself must be redesigned so that it stays dynamic and engaging.

Continuous cyber security awareness training is the only way to guarantee that your employees take that extra moment to carefully scan a suspicious email for alarming signs and instinctively hit the ‘reporting button’ instead of that malicious link.

Would you like to learn more about the only autonomous training platform for enterprises? Request a demo with one of our experts to find out whether CybeReady is the best solution for your organization.
