PhishMe has today offered businesses advice of the typical phishing campaigns that circulate at this time of year to spoof employees:
The end of the year provides attackers with a number of potential topics that allow them to take on an authoritative tone and create a sense of urgency for the recipient, including:
Office Party Invitations:
US recruitment firm, Battalia Winston, estimates 88% of companies plan to throw a Christmas party this year, meaning lots of invitations will be sent over email. Spoofed invitations present
attackers with a great opportunity to craft a holiday-themed phish.
Charity Phish:
Online charity fundraiser Network for Good sees nearly a third of all donations in December, and advises charities to conduct holiday outreach through email. Unfortunately, attackers know this too, and will craft plenty of phishing emails that tug at a recipient’s emotions by spoofing common charities.
Holiday eCards:
Who doesn’t love to receive a nice message? But is that link to an e-card actually from your colleague, manager, HR Department, etc. or is it something sinister? Disguising a phish as a Christmas message is a simple and effective attack tactic every year.
Holiday Discounts:
‘Tis the season for getting sweet deals, and retailers will be sending out plenty of legitimate emails advertising their sales. Attackers will be sure to take advantage of the holiday sale noise by sneaking in phishing emails masquerading as retailers offering blowout deals.
Travel Notifications:
While missed flight emails are an effective phish any time of year, with the spike in travelling around Christmas and New Year, they are even more effective during the holidays. An email warning of flight itinerary change will certainly grab the attention of an employee eager to get home for the holidays, so travel-related emails need to be viewed with suspicion.
Package Delivery:
UPS and FedEx both expect an increase in shipping volume this year, meaning we’ll also see a surge of package delivery emails. An email warning of problems with a package delivery plays on the recipient’s emotions, and makes for an especially effective phishing email during the holiday season.