Holiday email scamming campaigns are conducted at this point every year due to the fact that they are often successful.
Dangerous malicious programs are disguised as Christmas screensavers, phishing campaigns will look like festive quizzes, and you can expect an African prince to need your help with a huge bank transfer. Don’t be shocked to discover that you have won a Sweepstake in a country you have never visited or that one of your online accounts will be hacked requiring you to seek technical support.
These and many more scams will be broadcast in a wave of holiday email spam and, if you are not careful, you may inadvertently fall for one of these often cleverly crafted scams. Some of the most recent phishing scams are incredibly convincing, and you may not even realize you have been tricked and have become a victim of a scam.
Business owners should be extremely careful as their staff are particularly vulnerable at this time of year and it is likely that they will not be as security conscious as they may normally be.
Things could be even worse this year as the scammers improve their tactics every year. If an employee is tricked by a holiday email spam attack, it will aim to infiltrate more than their bank account. Phishing campaigns are devised to get employees to hand over important business data or login credentials. The FBI has warned that business email is a strong focus again. In the past two years over 7,000 U.S. firms have been targeted and have experience criminal attacks. Those attacks first target employees, and the festive season is the perfect opportunity for a business email compromise (BEC) attack to take place.
Typical Holiday Email Spam Campaigns
- Business Email Compromise (BEC) Attacks: The FBI has already shared a warning this year to groups that perform wire transfers on a constant basis and/or work with foreign suppliers. They are being aimed for by hackers using sophisticated scams that start with the compromising of a corporate email account. Social engineering and phishing tactics are used to get staff to hand over their login credentials. Once access to bank accounts has been stolen by hacker, fraudulent transfers are made. Holiday email spam campaigns are expected to be sent targeting groups and specific employees within those groups. During the holiday period employees must be told to be extra careful.
- Holiday e-card scams: Holiday e-card scams are normally witnessed in the run up to Christmas. hackers target the growing popularity of e-cards and send out spam emails in the millions telling the recipient to click a link to view an e-card. However, those links are sent to convince users to install malware to their computers. Any email including a file attachment claiming to be an e-card is probably fake. The attachment could easily be malware.
- Holiday-themed screensavers: Christmas and other holiday-themed screensavers are often used by employees. These screensavers can be seen as fun and festive, but may actually be very dangerous. Employers should think about implementing a ban on the use of screensavers as a precaution. Staff members should be cautioned that any .scr file sent in an email should be treated with suspicion and not downloaded or installed. Criminals hide attachments and the .scr file may actually be an executable file that downloads malware.
Be ready for this holiday season and you can be sure your computer and network spam and is malware free. If you do not take action and this holiday time is unlikely to be happy.
