Hackers are always looking to get their hands on sensitive data. Black Friday and Cyber Monday are particularly appealing for hackers due to the surge in shopping. Shoppers’ eagerness to find the best deals is what makes them easy targets. Scammers, in turn, use the same “promotional tactics” that retailers do during shopping season, so they can more easily make wild claims without seeming too scammy.
The Main Threat – Phishing Emails
The Cybersecurity and Infrastructure Security Agency (CISA), which operates under the Department of Homeland Security, issues a warning each November – right before Black Friday. The alert reminds users to be aware of seasonal email scams and malware campaigns: “Users should be cautious of unsolicited emails that contain malicious links or attachments with malware…which could result in security breaches, identity theft, or financial loss”.
According to F5 Labs, phishing season ramps up in October, with incidents jumping over 50% from the annual average. They urge readers to “be on the lookout now, and start warning your employees to do the same”.
Why are phishing emails such a big threat this time of year? Malicious emails try to motivate victims to take action fast. They might offer a time-limited deal, or a low price that’s hard to turn down to try and get targets to ‘act before they think’. Shoppers’ motivation to find the best deals becomes a big vulnerability.
This risky business can easily affect more than just those trigger-happy individuals. Employees often check their personal email on their work computer, so whether the phishing email has been sent to the organization domain or to their personal inbox, that one hasty click can put your organization at risk of a serious data breach.
The Innocent-Looking Email and Alarming Signs to Watch For
CISA is warning users of unsolicited emails – so what are some of these warning signs we should all be aware of? Let’s look at this phishing email which offers attractive Black Friday Deals from Amazon – the number one online retailer in the world:
This email announces early Black Friday Deals with some affordable items, designed to appeal to the majority of consumers. The logo looks legit, and the familiar Call-to-Action to join Amazon Prime makes this email appear valid.
But if you take a closer look, you will notice some red flags, which are commonly used phishing tactics:
- The sender gains your trust by offering you a personal benefit
- The sender’s email address does not match the brand it claims to represent
- Hovering with your cursor over the link will display an address not related to the sender’s name
- This email doesn’t look like one sent from a known source
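The two mechanical red flags above (sender address versus claimed brand, link target versus claimed brand) can be checked automatically. The following is an added example, not part of the original article or any vendor's product; the `BRAND_DOMAINS` allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a hand-maintained map of brand name -> domains it really mails from.
BRAND_DOMAINS = {"amazon": {"amazon.com"}}

# Constructed sample message; example.net is a placeholder domain.
SAMPLE = """\
From: "Amazon Deals" <offers@deals.example.net>
Subject: Early Black Friday Deals
Content-Type: text/html; charset="utf-8"

<html><body><p>Early Black Friday Deals</p>
<a href="http://shop.example.net/prime">Join Amazon Prime</a>
<a href="https://www.amazon.com/help">Help</a></body></html>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []  # real destinations, i.e. what hovering would reveal
    def handle_starttag(self, tag, attrs):
        host = urlsplit(dict(attrs).get("href") or "").hostname if tag == "a" else None
        if host:
            self.hosts.append(host)

def in_domains(host, domains):
    # Exact match or true subdomain, so amazon.com.example.net does not pass.
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw):
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    sender_host = addr.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("html",))
    links = LinkCollector()
    links.feed(body.get_content() if body else "")
    flags = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in name.lower():
            continue  # display name does not claim this brand
        if not in_domains(sender_host, domains):
            flags.append(f"sender {sender_host} does not match brand {brand}")
        flags += [f"link {h} is unrelated to brand {brand}"
                  for h in links.hosts if not in_domains(h, domains)]
    return flags
```

A check like this only compares the display name, the sender address and link hosts; it does not validate SPF, DKIM or DMARC results, so it complements rather than replaces mail authentication.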
The Answer: Changing Employees’ Behavior
So now you know. But what happens next time a phishing email lands in your inbox and you’re skimming through it in a rush? And furthermore, what happens the next time a phishing email makes it through to your employees’ inboxes?
Identifying and avoiding phishing emails requires a change in behavior, which can only be achieved via training. Training helps to improve reflexes and builds muscle memory, so we immediately respond to a certain trigger in the desired manner. In order to change behavior, there’s a need to reshape the training experience itself and keep it dynamic and engaging.
Continuous cyber security awareness training is the only way to guarantee that your employees take that extra moment to carefully scan a suspicious email for alarming signs and instinctively hit the ‘reporting button’ instead of that malicious link.
Ready to learn more on the only autonomous training platform for enterprises? Request a demo with one of our experts to find out if CybeReady is the best fit for your organization.