Employee Awareness Training: Holiday Phishing Scams & How to Avoid Them

Ongoing employee cybersecurity training offers a major safeguard to businesses. Keeping employees well trained can protect a company from phishing attacks and the resulting security incidents like ransomware infections or data breaches.

IT security risks can be reduced by as much as 70% when a business invests time and effort into keeping employees aware and trained on cybersecurity on a continuous basis. 

Some typical training topics that employees need to know include:

• How to protect against a ransomware attack
• How to spot phishing emails
• How to properly handle data securely
• How to identify seasonal phishing attacks 

94% of all malware is delivered by email. This is why phishing awareness should be a core training area for employees.

This includes keeping them apprised each holiday season of the typical types of phishing scams that they can expect to see. Phishing during this time of year is particularly dangerous because people tend to be distracted by the holidays and the change in routines.

We have put together a list of several popular holiday season phishing scams for you to warn your employees about to boost your employee training program. We will also include tips on how to avoid them.

It is smart to use remote IT support services as an employee aid for scanning systems for any potential malware or other problems. 

Stay Safe by Being Aware of Dangerous Seasonal Phishing Scams

Fake Tracking Emails

Tracking emails that show up in inboxes multiply this time of year due to all the online holiday shopping. This makes it easy for hackers to slip convincing fake tracking notices in between all the real ones and trick a recipient into clicking a malicious link.

92% of employees check their personal email at work. So, if an employee is on a work network and accidentally clicks a phishing link received to their personal email, it can still cause a malware infection of your network. 

The best way to avoid falling victim to a fake tracking email that looks just like the real thing is to never check tracking through an email link. Go directly to the retailer or shipper’s website instead.

Work-Related Holiday Celebration Surveys

Who doesn’t welcome the opportunity to break up a long workday by doing something fun? This includes weighing in on what the company should do for holiday celebrations or employee appreciation gifts this year.

Employees seeing a “holiday survey” that looks to be from inside their company may immediately click open a link or file attachment without even giving it a second thought.

This is another common phishing scam during this time of the year. Often scammers will spoof the company’s domain in the “From” line to make the email appear to be legitimate.

Employees should know that even though an email domain they recognize is in the “From” line, it doesn’t mean that is the email address that actually sent the message.

Two ways to avoid this scam:

1. Look at the raw text of the message header to see the real sending address.

2. Check with your company by another means (not by replying to the message) to ask if the survey is legitimate. 

Fake Amazon or Other Retailer Order

Fake order emails are another popular seasonal phishing scam and they will typically elicit one of two responses from a user. One of these responses is anger that somehow the retailer has “messed up” with an order. Another user might wonder if they ordered something and completely forgot about it.

In either case, the recipient can click before they think and end up logging into a page that looks like Amazon’s but is actually a phishing site. 

One of the best practices of phishing detection is to hover over any links in an email without clicking on them. This reveals a popup with the true URL of the link. It is often the easiest way to spot a fake.

Holiday Hours Schedules from Vendors

One other way that scammers take advantage of the season is to send out phishing that purports to be a holiday hours schedule from a vendor. These types of emails are common this time of year which makes a fake one harder to tell from a legitimate one.

This is another case where you want to avoid taking any action on the email itself. Contact the vendor directly instead to ensure that the email really did come from their company.

Gift Card Purchase Scam

This particular phishing attack can come via email or via text. It is usually more targeted because the scammer has done a little homework on the company directory.

It will appear as a request from someone with a higher title in the company (such as a manager). The request will ask an employee to purchase “forgotten” gift cards for clients at the last minute.

Hallmarks of this scam:

• The sender will be “unavailable” for a few hours to discourage checking with them by phone.
• The sender needs the cards in a short period of time.
• The sender will promise to reimburse the employee when they are back at the office.
• The sender asks that the gift card numbers be sent to them.
• The sender does an assumptive close by complimenting the employee on “saving the day”.

Employees should be wary of any type of request involving gift card purchases and should check directly with their supervisor if any are received.

Ensure Your Employees Have Access to Instant IT Help

Phishing can be even more dangerous when employees are working from home and cut off from their normal office support system. Get them the help they need to stay protected through Sound Computers’ remote IT support. We can help with multiple issues including security and system performance.

Contact us today to schedule a free consultation. Call 860-577-8060 or reach us online.