KT Connections Blog

KT Connections has been serving the Rapid City area since 1997, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Holiday Season is also Spear-Phishing Season


For a hacker, there’s no such thing as a holiday break. As a matter of fact, some attack vectors are seen more commonly during this time of year. One of these attack vectors, spear phishing, becomes a particular favorite for many hackers. In order to stay safe, you need to be more careful on social media, webmail, and ecommerce sites.

The Inherent Risks of Shopping Online

Online shopping, much like regular shopping, can put your data at risk. Just like someone might swipe a purse out of a cart in the moment that you’ve turned away, hackers can use a variety of tools to make off with your personal data as you shop online. Alternatively, online shopping can also give hackers the opportunity to infiltrate your systems, often via spear-phishing attempts.

How Spear-Phishing Works

Spear-phishing is popular among cybercriminals as a means of beginning a larger attack, as it often provides the hacker with the means to access their target. Newscenter1 reported on the phenomenon as it related to stolen taxpayer data in July of 2017, but the chain of events is essentially the same.

In their article, Newscenter1 accurately describe a spear phishing attack, starting from the point when an attacker sends a targeted email to a particular recipient after the hacker has done some digging. The recipient is urged by the message, which appears to be from a trusted source or authority figure, to click through an included link. However, clicking the link only allows the hacker to continue their attack, having gained access to your systems.

While some of these attempts are almost comically transparent, many are not. This is why you need to protect yourself and your business from the efforts of these clever cybercriminals. This may be most true during the holiday season.

Phishing by the Numbers

Phishing attacks have historically been the vector of choice for cybercriminals to use during the holiday season. In 2015, phishing attacks were considerably more common on social media, increasing by 80%, webmail applications, increasing by 59%, and increasing by 41% on ecommerce websites.

At the same time, cloud storage and hosting saw 27% fewer phishing attacks, and the financial industry--usually a prime target for attacks--saw a reduction in their frequency as well.

It also doesn’t help that businesses can often make it easier for these cybercriminals to put these kinds of attacks together.

Bypassing the Human Security Measures

Unfortunately, spear-phishing attacks leverage one of the weakest elements of your security in order to work: the human element. Cybercriminals leverage human nature to give their schemes the best chance of working, technology aiding them in this deception. For one example, let’s look at a feature that will be used heavily this holiday season and determine how a hacker could use an Out-of-Office email alert to create a trap.

Let’s say you plan to be out of the office for a time, and you set up an Out-of-Office alert. Sharing too much information could lead to a data breach in a few simple steps. First, if you name your manager specifically in your Out-of-Office message, you’ve just given the cybercriminal the next person to contact. Thing is, they’ll contact them posing as you.

Combining the other information that is often found in an Out-of-Office responder, like travel dates, with other information that can be found online, a cybercriminal could reach out to your manager posing as you and deliver an infected attachment. Of course, your manager will probably open this attachment--it is from you, after all--and the cybercriminal has successfully infected the business network. Cybercriminals have also figured out methods to make their messages more convincing--including the time of year. Leaning on the assumption that people will forgive misspellings and grammar issues due to the shared stress of the season, hackers can create an email message that appears legitimate.

There are other ways that a hacker can make their message more effective, too. Including a picture of the person who supposedly sent the message has proved effective for many cybercriminals, as has marking the message as high priority or rush. A particularly devious method many cybercriminals use is to send the message to an executive who is out of the office, who will glance at it briefly before delegating it to an employee. This employee then finds themselves opening a phishing message sent to them by their boss.

Staying Safe

There are many means of avoiding phishing attempts, but they all boil down to remaining vigilant as you check your email. If you ever question if an email was sent from who it was supposedly sent by, verify that that person sent the message by phone. You should also not access links found in the email from the email--instead, copy and paste them into your browser so you can look at them closely and check for any spelling errors in the URL. There should also be HTTPS at the beginning of the URL, as this tells you that the website is secure (and therefore less likely to infect you). Finally, keep an eye on your credit card statements and if there are any unexpected charges, make sure you report them.

Remember, if it’s too good to be true, it probably is. A holiday miracle isn’t going to appear in your inbox. If anything, it’ll be the opposite. For more help with keeping your information secure, reach out to us at 605-341-3873.

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Privacy hackers Technology Email malware Network Security Cloud Internet Business Computing Google software User Tips Business Ransomware Efficiency Backup Data Small Business Mobile Device Management IT Support IT Support Microsoft Computer Android Phishing Smartphone Windows Hosted Solutions Productivity Network Gmail Managed IT Services Money cybersecurity VoIP Mobile Devices Facebook Hardware IT Management Data Security communications Microsoft Office Windows 10 Data Management Internet of Things Operating System Business Continuity Cloud Computing Alert Artificial Intelligence data breach End of Support Apple vulnerability Office 365 Update Bandwidth Managed IT Services Robot Smartphones Outlook Unified Communications Outsourced IT Social Media IT Services Cost Management Hard Drive Data storage Passwords Communication Upgrade Nextiva BDR Business Management security cameras Disaster Recovery Encryption Antivirus Networking App Hacking Data Backup Digital Events Access Control Data Protection Big Data Word The Internet of Things Innovation Apps Patch Management Event Marketing Law Enforcement Local Buzz BYOD Gadgets botnet South Dakota Project Management WiFi Analytics Automation YouTube vulnerabilities Best Practice Collaboration IoT Holiday Server security solutions Remote Monitoring Google Wallet Spam Social Engineering Google Docs Firewall Legal Customer Service Productivity IBM Search Browser Google Maps Scam Windows 10 Save Money Lunch and Learn Information Security Bitcoin Document Management Data Recovery SaaS Saving Money Drones Start Menu Information Technology Cryptocurrency History Politics News Excel Cybercrime Cabling Music Business Mangement Safety Specifications Websites Webcam Penetration Testing camera Tip of the week Government Writing Access botnet attack Corporate Profile Social LastPass Microsoft Bookings Television communication device Programming Software as a Service Phishing Scams Budget Remote Computing Rebrand macbook Virtual Assistant Virtual Reality Redundancy Worker Education Spyware Black Market Cloud Backup Google Drive Hack Experience booking process Audit Mouse business owner Rapid City Virus File Sharing IT Consultation DDoS attacks Applications Mobile Device Retail Web Servers Virtual Machines Telephony Local Technology Sports Event Maintenance Memory SharePoint communication solutions IoT Devices Wireless Technology Law IT Workers IT Assessment Solid State Drive Physical Security Tips and Tricks DDoS Hard Drive Disposal Managed Service Provider Internet 101 LiFi Cache Business Growth Risk Creep VoIP Network Congestion Sales Tax security precautions Virtualization Mixer Fortinet identity theft IT Security Society Lawyers Deep Learning Samsung Streaming Media IT Strategy Internet Connected Devices email scam Dell ’s Sonicwall Global Management System Emergency Microsoft Office 365 Visible Light Communication media experience IT for Oil Companies Vendors Business Security Freedom of Information Laptop Windows 8 IT Solutions Office Tablets Windows XP Administration Unified Threat Management How To eWaste Password Business Technology Microsoft Office 365 features Website Communications information Risk Management Time Management Mobility Compliance Community Involvement Printing face Fake News Tablet Tech Support Attorneys Vendor Management Computing Infrastructure Disaster Advertising Phone System Flash Kaseya Unified Threat Management Download Downloads surveillance cameras Microsoft Excel enterprise productivity software SOX Printer Managed Services Monitors Virtual Desktop Hosted Solution Content Filtering Cortana Hardware as a Service Settings Kaseya Connect healthcare Google Calendar Trend Micro Sarbanes-Oxley Act Business Cards Displays Computer Care Managed IT AtomBombing password manager LastPass Knowledge HaaS Conference Business Comunications Workplace Tips Distributed Denial of Service Email Security tool Business Communications Google Play Store Blockchain Fast food End User Testing VPN Running Cable Press Release Proactive IT Chamber of Commerce Quick Tips user confidence appointment Tech Terms Bluetooth Uninterrupted Power Supply Vendor Mangement Cleaning Touchscreen Office Tips Comparison Employer-Employee Relationship Sync Employer Employee Relationship Messenger Miscellaneous Digital Payment Private Cloud breach methods Microchip Downtime In Internet of Things Books Motion Sickness Public Cloud Taxes Piracy Reading Telephone Systems Machine Learning Paperless Office Users Hiring/Firing Bring Your Own Device Health Software License Administrator Relocation Banking Hacker 3D Printing base infrastructure Hacks CCTV Automobile Phone Systen security solution IT service Web Server Notifications Work/Life Balance Meetings Business Metrics end-of-support date Ordinary Computers CrashOverride holiday season Emails Marketing Rental Service Wi-Fi Chromebook collaboration capabilities UTM Tracking Flexibility quantum computers holidays Supercomputer Documents Threat management Reliable Computing Text Messaging scammers IT Consultant Twitter PDF Computing Scalability network security professionals Protection scams G Suite Training Language Computer Malfunction Travel Playbook Processors