‘Tis the season of cyber attacks: How to protect your business

Cybersecurity · Dec 14, 2023

Phishing is a persistent and
evolving cybersecurity threat
that targets people, organizations and institutions worldwide.
This threat is one of the three most common cyber attacks in Canada
, and only 50% of Canadian organizations have a formal protection plan in place against cybercrimes.
This particular cyber attack involves online fraud in which cybercriminals pose as trustworthy entities to deceive people into revealing sensitive information, such as login credentials, financial details or personal data. These deceptive tactics often involve sending fraudulent emails, text messages or messages via social media platforms to trick people into taking actions that compromise their security. 
Unfortunately, phishing attempts become more frequent and elaborate during the holiday season. This threat
has become one of the most sophisticated and highly effective form of cybercrime
as social engineering is used to exploit both people and businesses that may be vulnerable. By staying vigilant and proactive, your organization can avoid falling victim to holiday-season phishing attacks. Here are valuable insights to help you understand threats and mitigate risk.

The rise of phishing attacks around the holiday season

Cybercriminals are known to exploit vulnerabilities
around increased online activity and consumerism as sensitive information is shared across various platforms and websites. Here are some reasons why phishing attacks are on the rise with the holidays just around the corner:
1. Increased online shopping and financial transactions 
During the holiday season, a surge in online shopping provides cybercriminals with opportunities to launch phishing scams, send phishing links or create fake e-commerce websites to
steal financial information
2. Distracted users and social engineering tactics 
Festivities and celebrations can lead to distracted online behaviour, not to mention holiday emotions that get exploited such as generosity, making users more susceptible to social engineering tactics and phishing attempts. 
3. Reduced IT staffing 
Many organizations operate with reduced IT staffing during the holidays, creating opportunities for cybercriminals to exploit unnoticed vulnerabilities.
4. Less system patching 
Some organizations delay applying software
and updates during the holiday season, creating opportunities for cyberattacks.

Protecting your organization during the holiday season

It’s crucial to recognize the signs of
phishing attempts
, educate employees and implement security measures to protect against this evolving threat. Here are the
most common phishing techniques
that may be easy to miss among all the promotional emails people get during this season. Here are some potential threats to watch out for: 
  • Emails that appear to be from reputable sources 
  • Websites that mimic legitimate organizations
  • Malicious attachments or links
  • Social engineering tactics created to manipulate emotions and behaviours
Read the guide,
Protecting against cyber threats
to learn how to safeguard your customers, people and business.

The most common phishing attempts during the holidays 

With phishing attempts taking centre stage in the digital landscape, malicious players leverage various strategies to exploit the season's goodwill, making it imperative to stay vigilant against an array of
cybersecurity risks
, such as:
1. Digital payment-based scams 
Phishers use well-known payment applications as a ruse to steal sensitive information, posing as online payment services like PayPal, Venmo or TransferWise. 
2. Finance-based phishing attacks 
Scammers impersonate banks or financial institutions, invoking fear or urgency in victims to gain personal information or credentials. 
3. Work-related phishing scams 
Attackers pose as executives or colleagues, requesting wire transfers or fake purchases, targeting employees and potentially compromising the organization's security. 
4. Fake charity campaigns
Cybercriminals exploit the giving spirit of the holidays to create fake charity campaigns, diverting donations for their gain and potentially stealing personal and financial information. 
5. Ransomware attacks 
Ransomware attacks
increase during the holiday season
, often launched through phishing campaigns. These attacks can have devastating consequences for both employees and organizations. 
6. DDoS attacks 
Distributed Denial of Service (DDoS) attacks
can also become more prevalent
during the holidays, targeting organizations when networks are already strained. 
7. SQL injections 
SQL injection attacks are common during high-activity periods like the holidays, exploiting vulnerabilities in web applications. Cyber criminals use malicious SQL code for backend database manipulation to access information that's inaccurate or not meant to be shown.
8. Stolen credentials 
Attacks using stolen credentials are on the rise, with threat 'actors' successfully executing high-profile breaches through a combination of stolen credentials and social engineering tactics.

Preventing phishing attacks

To protect your organization during the holiday season and throughout the year, consider implementing the following security measures: 
  • Establish a comprehensive holiday strategy, including an emergency plan and a 24/7 available response team
  • Partner with a managed service provider to enhance your organization's cybersecurity response
  • Conduct a pre-holiday audit to validate infrastructure, patch vulnerabilities and ensure compliance with industry security standards
  • Keep systems up to date, including firewalls, antivirus software and anti-malware tools
  • Provide training and education to employees, emphasizing the importance of identifying and avoiding phishing attempts. You should focus on helping them verify the legitimacy of emails and website links. It’s also important to help employees learn how to report suspected phishing messages so they can be investigated and blocked by the organization
  • Implement the use of strong, complex passwords and password managers
By maintaining a proactive approach to cybersecurity, you can safeguard your organization's data, reputation and financial assets while also protecting your employees' personal information during the holiday season and through the new year. With the right partner, you can elevate your defenses to a new level, as they can provide multi-layered solutions tailored to protect your organization even before threats arise, ensuring long-term security efficacy.

Connect with a managed IT specialist today
to learn how TELUS Business can help with your evolving IT needs.
Authored by:
TELUS Business
TELUS Business