How to Train Your Staff to Avoid Holiday Phishing Scams
Along with the seasonal festivities of the holidays come renewed phishing attacks that take advantage of distracted workers who may have their minds on planning holiday meals and gift shopping.
Seasonal phishing scams often mimic the types of emails that increase during November and December, such as order and tracking emails, charity emails, and messages related to holiday events or schedules.
20% of British consumers say they like to do their online holiday shopping at work.
The increase in phishing attacks means more risk for your business network if it’s not properly secured. A well-trained staff is one of your most important protections when it comes to phishing attacks, since they’re on the front lines and are the first to see the scam in their inbox.
One of the reasons that it’s important to conduct ongoing cybersecurity awareness training for employees is that certain types of threats tend to be seasonal.
If the last training employees received on phishing attacks was back in April, then come November, they’re unlikely to be prepared for the types of phishing scams they’ll be seeing mixed in with legitimate email.
With the holiday season already well underway, it’s important to prepare your staff now. Here are several things to train your employees on so they’ll be armed with the knowledge they need to protect your network.
The Types of Seasonal Phishing to Look For
It’s important that employees know what types of seasonal email scams to look for, so they can be prepared should one come in. For example, if they know that a tactic of scammers is to send fake tracking emails, they’ll be extra suspicious of any they receive.
Here are several types of seasonal scams to make your team aware of:
- Holiday Schedule: Fake holiday schedules that appear to be from companies you work with will often have malicious file attachments or links.
- Fake Order Emails: Emails that appear to be from Amazon or another popular retailer will cause users to click without thinking because they think there is some kind of mistake.
- False Tracking Emails: It’s easy to mistake a phishing email for a real tracking email when the two look identical. It’s best to never check tracking from an email.
- Holiday Event Emails: Employees may be eager to open an email that purports to be about company holiday events. This is another common scam this time of year.
- Fake Charity Emails: Phishing that requests charitable donations is also prevalent at this time because it’s when legitimate charities often increase their marketing efforts.
How to Reveal a Phishing Email URL
Phishing emails use URLs more often than they do file attachments. Approximately 85% of phishing emails contain links to malicious sites.
These links can be hidden behind text that makes it look like a legitimate URL or behind a button or clickable image. Hovering over hyperlinked components in an email without clicking on them can immediately reveal an email as phishing.
Link hovering is a best practice for employees to employ with any emails they receive.
Take a Stance of Being Suspicious by Default
While it may sound harsh, it’s better to be suspicious of all email that comes in by default rather than the opposite. Phishing scammers are so successful because users tend to trust emails they receive until they’re given a reason not to.
If, instead, employees suspect that any message in their inbox could possibly be phishing, they’re much more likely to give it a thorough inspection and avoid falling for a scam.
Don’t Trust the “From” Address
Phishing attackers often use what’s known as email spoofing to fool the recipient into believing an email is legitimate. Email spoofing is when the scammer puts a trusted email address in the “from” line of an email, but the email is actually sent from a different address.
This tactic is often used in targeted spear phishing attacks, and scammers will use an email address from the company’s domain to make users think the email is from within their organisation.
Users can reveal the true sending path of an email by viewing the email source code in their email program.
Tell Users Where to Go for Help
Employees will often click a phishing email by mistake because they didn’t have a resource that they could go to for a second opinion. They make a “judgement call,” which can have devastating consequences.
If you have a relationship with a trusted IT provider, you give employees an important resource to go to for help identifying whether an email is phishing or not. This is especially important for remote workers who don’t have a coworker next to them to ask.
Ensure Your Employees & Network are Protected
Enable Technology can help your UK business with employee security awareness training as well as email spam filtering and other phishing attack safeguards.