Christmas and the holiday period give malicious actors plenty of material to work with when developing realistic social engineering hacks. Here are some of the key things you need to keep an eye out for.
1. Make sure your social media profiles are private
For social engineering attacks to be successful they need to include enough correct personal information to make them realistic. For example, posting pictures to social media while you’re on your Christmas holidays means hackers can use this to impersonate you to colleagues, asking for confidential information or an ‘urgent’ money transfer to a ‘supplier’ as a favour while you’re out of office.
2. Keep ‘Out of Office’ messages as minimal as possible
As with the above, the more information you give about why you’re out of office, where you are and for how long, the more details cyber criminals will have to craft convincing phishing emails to your colleagues.
3. Beware of Christmas offers sent by email
Ransomware attacks – often introduced via email – increase by up to 30% over the Christmas holiday period. It’s the time of the year when you receive a deluge of emails from different shops with special offers, so hackers can easily mask their phishing emails among them. As a result, avoid clicking links in emails, particularly from unknown senders (even if they look like legitimate brands).
4. Don’t have personal shopping delivered to the office
As online shopping becomes the norm, it’s common to have parcels delivered to your office for convenience, particularly around Christmas. But a high volume of personal parcels makes it easier for people to sneak malicious hardware into the building through warshipping. To prevent this, offices should not allow staff to receive personal parcels.
5. Don’t drink and email
It’s not uncommon for people to think they’re sober enough to answer a few emails after the Christmas party. According to a poll by Cybereason, 70% of respondents admitted to being intoxicated while defending their company against ransomware! This is unlikely to end well. One click on a malicious link could result in you introducing malware into the company network, so log off before the party.