As the holiday season approaches, it is timely to remind ourselves of the vulnerabilities that await us online should we fail to exercise diligence and vigilance while making merry online.
The reality is, the end user (that's you and me) are still the weakest link in the security chain and account for more than 90% of all online data breaches. Social engineering attacks--most often in the form of phishing--continue to be the most popular mode of attack for cybercriminals, especially for those targeting individual users rather than corporations. This occurs when a cybercriminal impersonates a trusted entity attempting to trick the victim into opening an email, downloading a file, clicking on a link or completing form information.
Email security firm Vade Secure just published their list of the most-impersonated brands in the Q4 2018 Phishers' Favorites report. From the report, the 10 most impersonated brands in North America are:
- Microsoft
- Netflix
- PayPal
- Bank of America
- Chase
- DHL
- Docusign
- Dropbox
Not surprising, companies like Amazon, Fed Ex, UPS and USPS move up on this list around the end of the year given the increased activity for such sites and services around the holiday season.
A few simple tips and habits while emailing can save you from a bah-humbug experience this holiday season.
- Never assume any email you receive is legit ... always approach every email with suspicion.
- Hover over any and every link in an email you receive and inspect the email label (the part you see) against the email link (the part you normally don't see). Those two things can be different. And the thing to remember is that it doesn’t matter what the words say. The only thing that matters is where the link takes you. It’s one of the ways cybercriminals get you to bad websites. They create a link that looks safe if you don’t hover and inspect.
- Do the same hover and inspect on the email addresses in your email. While the email label (what you see) might indicate a name you know, ensure the actual email address link (what you most often won't see unless you hover) is legitimate.
- Be highly suspicious of any emails from the above mentioned list as well as those other holiday impersonations ... Amazon, Fed Ex, UPS and USPS.
- Don't open or download anything from an email that you are not 100% expecting. Really, 100% expecting. Like you just talked to your mom and she said she was sending you the recipe.
We hope you and yours enjoy a merry and wonderful holiday season. Be suspicious, but have fun!