The Christmas phishing flood is coming

Credit: ID 98297727 © Aleutie |

The couple weeks leading up to Christmas is always a chaotic and overwhelming time. You are attending Christmas social events, pulling late night work shifts to try and get your work finished before we all leave for that well-deserved break. Then there is the Christmas shopping, fighting those dreadful crowds to get that perfect gift for someone special. I have to say the lead up is not such a great time (No I am not a Grinch, I really enjoy the Christmas and new year break with my family – it’s just that lead up to the break that really gets under my skin). 

The stress during this time of year is not just caused by the above but something even worse, as you all know I am a security professional trying to help our customers keep cyber safe in this lead-up, as this is a time of year in which cybercriminals really turn up the heat.

During these weeks you will all see a flood of system attacks and phishing scams like no other time of year. Maybe the cybercriminals have overspent on Christmas gifts this year and need to fill up their coffers with cold hard cash again before the New Year so they can meet their repayments on their mansions or Bentley they just bought and now can’t afford the repayments on (Poor cybercriminals). Okay, jokes aside I feel that the reason criminals choose this time of year to launch a big offensive is it is a really good time for them to scam money out of the unsuspecting victims.

You are all focused on leaving for your break and just want to be helpful to your fellow staff/customers, so they can all do the same. So, when Alfred or Jo from your Product development team asks you to pay a last-minute invoice, so an order can be completed before leaving for the year you just do it (you don’t notice however the email address it is coming from is not an internal address and nothing to do with them at all). What about the accounts team at one of your suppliers reaching out indicating that they have changed the primary account information that they use and to make all future account payments to the new account (you would normally verify the change request with them via phone prior to making a change like this but you just wanted to help them out and get home to get ready for your partners work party – a mistake you will certainly regret in the new year).

Look I know it’s a busy time of year and sometimes mistakes are made when we are under pressure, but have you prepared your team and business for the flood of phishing/scam emails they will certainly receive in the next few weeks? Have you done some user awareness training to help teach your teams how to pick these scams out of the flood of legitimate emails they are certain to receive?

Yes, I can see some of you rolling your eyes at me or throwing your hands in the air saying that it is too late to do anything now but that is just a cop-out. There is plenty you could still do to help protect you and your team. If you don’t have email filtering services to catch the bulk of these scam emails (yes it won’t catch them all but better to have it then not have it – Trust me on that). You can still get this implemented if you move quickly and the benefits will be far reaching as you move into the new year.

It’s a bit late to organise onsite user awareness training probably (you never know though, it would be worth reaching out to a professional to see if it could happen) but it isn’t too late to send around some basic training information to your team that can help them spot a scam email, this is something most providers of user awareness could easily assist you with to help your team be just that little bit safer.

Please do yourself and your business a favour and prepare for the phishing flood why you still can, if you don’t know where to start reaching out to me or a local security professional most will be more than happy to point you in the right direction. Competition aside we are all here in this industry to achieve the same results, make your businesses safer and reduce the risks of a cyber incident especially over the festive season.

So, let’s put some extra effort in over the next few weeks so we can better equip everyone to withstand the cyber Grinch and have a truly enjoyable Christmas and new year. Till next time… 

Tags cybercrimescamsChristmas Securitycybercriminals

Show Comments