Hello, and welcome back to this next TomCast from GuardSight, an Iron Bow Technologies company; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints.
Today we’re going to discuss maintaining cybersecurity awareness during holiday seasons. The holidays present unique challenges to many people, as during these times there are several different incentives that arise for online transactions. It is rather ironic that the month prior to the beginning of the holidays is cybersecurity awareness month. If that same level of awareness could be carried throughout the entire year cyber-related incidents might just decrease.
Anyway, getting back to the topic at hand, cybersecurity awareness during the holidays is paramount. With manufacturers, vendors, and retailers offering deals for potential buyers in an effort to bolster their sales for the year, many threat actors take advantage of this same time of year trying to trick consumers into falling for their special deals as well.
For some reason, cyber awareness falls by the wayside in favor of a good deal. Whether it be during the post-Thanksgiving rush of Black Friday, or the online flurry of activity during Cyber Monday, these are opportunities for threat actors to harvest information like no other time of year. Increased vishing, smishing, and phishing attempts cause quite a bit of havoc for unaware consumers when some additional attention to detail could foil the threat actors attempts.
Let’s start with phishing. Emails looking like they are from valid retailers need some additional scrutinization before clicking that magical link that could potentially save the consumer money. First, utilizing some common sense, ask yourself whether or not you have ever provided your email address to the manufacturer, vendor, or retailer that is sending you an email. All too often we presume that our information has simply been shared online and we just receive these emails as part of organizational marketing campaigns. That isn’t always the case, so doing some thinking or second-guessing can thwart attempts to harvest information.
Checking the spelling throughout the email is an easy next step. Also performing what’s known as a mouse-over (taking the mouse cursor and hovering the cursor over the potential link without clicking it to see if the link that is displayed is valid or not), can help validate an email. Checking the potential email for hidden ljnks (for example, an email from a vendor that has what appears to be an official logo from the sending organization by performing a mouse-over of the logo to see what link is displayed).
Also, double checking with the actual manufacturer, vendor, or retailer by manually visiting their websites or by simply calling them can validate whether the offers received in email were valid. This may sound like it’s a bit above and beyond, but is validating the source of the potential phish more of a pain than potentially having your bank account and other information stolen? Is that really worth the gamble?
Let’s now look at smishing attempts. For those of you out there that are not aware with the term smishing, that is a condensed term that stands for SMS phishing, or phishing attempts via text message. Like email phishing, take the time to think before reacting to whatever has arrived via text message. Why would a manufacturer, vendor, or retailer be texting you directly? Do you recall providing your cellular contact information to the company that is contacting you? Are there links in the text for you to tap? Do you recognize the number the text arrived from? Easiest way to deal with unknown text messages, or text messages that have arrived from unknown sources is to simply delete them.
Which takes us to vishing attempts. Like smishing, if you are not aware of the term vishing, it is condensed from voice-phishing, or telephony-based phishing. These are actual phone calls from people touting to be from a manufacturer, vendor, or retailer offering assistance of some kind in exchange for something. Staying consistent with our approach, think to yourself why the organization would be calling you directly. Did you share your contact information with them? Are they asking for information that is pertinent to something you are currently dealing with?
Think about the call, think about what is being asked of you, and think logically about what you are being asked to share or provide. Validate the credentials of the person on the other side of the call. Ask for a callback number, an identification number, a supervisor’s name with contact info as well, then simply request to talk with the supervisor to validate the information you have just received.
If you are uncertain about phishing, smishing, or vishing, or if you performed an action (clicking a link that you were uncertain of, for example), and are concerned that your information has been compromised, reach out to the folks at GuardSight or Iron Bow. They can help you understand what has occurred, and what actions you may need to take. We’d be happy to help you in any way we can.
We here at GuardSight and Iron Bow thank you for taking the time to listen to this TomCast. For more information on various cybersecurity tips head on over to our website and check out more TomCasts. Those are located over on www.guardsight.com/tomcast. Or, if you would like more information on what GuardSight or Iron Bow can do for you, head on over to www.guardsight.com or www.ironbow.com and contact us. There are several free cybersecurity tools out there that can help you improve your overall security posture. We’d love to hear from you! Thanks!