Fri, Jan 15, 2021
It’s the time of year when many of us will be taking a well-deserved break, but unfortunately for consumers and organisations, cyber criminals don’t take holidays.
A year of unprecedented alarm and uncertainty, coupled with the growing sophistication of cybercriminals, has nurtured the perfect breeding ground for online scams, which according to the Australian Competition and Consumer Commission (ACCC) have jumped a staggering 42% this year—with nearly AU$7 million lost.1
Each year, the Australian Cyber Security Centre (ACSC) warns consumers and organizations to be extra vigilant online, highlighting the range of online threats that proliferate around the festive season period. This typically includes phishing emails with ecards containing malicious links or spoofed emails requesting support for fraudulent charities or causes.
Phishing emails are a common way for cyber criminals to get into a network. Individuals, whether at home or work, who think they are clicking on a link to donate money to a charity or downloading a holiday card may in fact be inviting cybercriminals to compromise an email account or leave behind a banking trojan, which can be used to steal credentials or deploy a ransomware attack.
Common phishing scams this holiday season also include emails seeking donations for fraudulent or fake charities. While for many Australians, the festive season is a time for giving, unfortunately, cybercriminals aren’t so civic-minded and, if given the chance, will exploit community goodwill for financial gain.
Illegitimate charity websites are easy for criminals to develop and difficult for donors to detect, which makes the festive season a particularly lucrative time of year for cybercriminals.
In underground markets and chat platforms where cybercriminals advertise their services, Kroll frequently observes vendors offering services to facilitate phishing attacks. Others are selling entire databases that may be used for identity theft, and in turn, to apply for loans or credit cards in the name of the stolen identity.
A quick glance at the dark web reveals that some personal information is being advertised for as little as AU$10, with popular items for sale, including:
Cyber security awareness and good cyber hygiene are key to avoiding cyber scams. Best practices include:
Scammers may pose a significant threat this holiday season, but research and due diligence can help ensure a safer online experience.
Source
1https://www.accc.gov.au/media-release/watch-out-for-online-shopping-scams-this-holiday-season
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.
Kroll’s Virtual CISO (vCISO) services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.
Kroll's cyber risk assessments deliver actionable recommendations to improve security, using industry best practices & the best technology available.