Christmas is a time for giving but this Christmas we are asking you, not to gift your data to criminals. Owing to the strange circumstances we have all found ourselves in, these past few months, we are now more than ever, engaging with each other and carrying out our purchases, online. With the Christmas season rapidly approaching cyber-criminals will increase their rate of attack in an attempt to gain access to your most valuable commodity, your data. Most attacks are only successful because they persuade you to take and action and grant the criminal access to your device and/or your data.
Here’s an example (true story); This morning I received an email by a named person whom I have never met nor have I ever had dealings with online and who was gifting me an Amazon Gift card. Isn’t it just wonderful to think that there are such generous selfless people out there who reach out to random strangers and give them something, for nothing in return? Unfortunately, while there are no doubt selfless people out there, not all that many send gift cards with a monetary value to hundreds or even thousands of strangers. This is, of course, a scam and not a particularly sophisticated one at that and so most of us would identify it as such, however, they fool enough victims to make it worth their while. If I was to click on the link provided to receive my generous gift then I will very likely compromise any data I have access to, both on my machine and within the network, I am connected to. There are many variants of these scams but in general, they require you to take and action such as clicking on a link and while they may look legit and sent by brand or person you are familiar with, it is very easy for the criminals to spoof a legit entity.
“Beware of Greeks bearing gifts” is a well-known proverb and refers to the famous Trojan Horse used by the Greeks to enter the city of Troy, under false pretences. The Trojan metaphor is very common in the world of cyber-security and now you know why. It is very rare to get something for nothing (or is it just me?) and so this one time you are being encouraged to be a Scrooge this Christmas and Don’t Gift your Data to Criminals.
The following tips might help save your data and ultimately your company or job if you are the employee who might click on a malicious link.
- Christmas messages from an untrusted source that asks a user to click a link, play a video/audio file etc. should not be viewed. Even if the source is trusted extreme caution should be exercised as the source itself may have been compromised.
- Do not enter your account credentials if you receive an unsolicited email pertaining to be an online shipment company without verification first. In the event of users wishing to query the status of a particular item, they should take note of reference numbers etc. provided at the time of original purchase and ensure that these match any subsequent correspondence.
- Be particularly vigilant around new-year and Christmas eve when the volume of messages both legitimate and malicious increase greatly with people sending Christmas and New Year greetings.
- When purchasing goods online, or just browsing websites, make sure each site you visit starts with “HTTPS” (S stands for Secure)
- Deploy Two Factor Authentication (2FA) on all of your personal accounts where possible.
- Secure your mobile device.
- Make sure to update the device software and applications to the latest version.
- Select the most secure settings on your device.
- Do not reuse the same password across different accounts and do create strong complex passwords. Use a reputable password manager than can securely generate and store your secure passwords.
If you have any concerns, feel that you may have been the victim of an attack or just concerned about the security of your IT systems then please don’t hesitate to contact us on (01) 8424114 or firstname.lastname@example.org and we’ll be happy to put your mind at ease.