Please fill in the form below to subscribe to our blog

Holiday Shipping Scams Disguise Ransomware

December 21, 2020
holiday shipping scams represented by a hacker n a hoodie peering out between a monitor and keyboard

Keep Employees from Falling for Holiday Shipping Scams to Keep Ransomware Out

In the busy holiday season, we’re all in a rush to get things done. This year, most people have done more of their shopping online because of the pandemic, creating both a glut of packages that have clogged up mail and shipping systems worldwide and anxiety about whether or not those packages will arrive in time for Christmas. Combine those things together, and you’ve created a perfect environment for cybercrime. Bad actors aren’t wasting any time – they’re taking advantage of this golden opportunity to lure unsuspecting users into holiday phishing scams that are rife with ransomware, and that’s bad for your business.

Nobody Wants This Gift

How do holiday phishing scams impact your business? By opening you up to the possibility of ransomware or another damaging cyberattack. With an increasingly blurred line between work and home devices these days, it’s not hard to imagine that at least some of your employees are handling their personal email or messaging on work devices or using work tools. That means that if they’re engaging in behavior that’s dangerous on those devices, they’re creating danger for your business too.

A recent rash of ransomware-laden email has been extensively reported, most following the same pattern:

  • Cybercriminals hit their targets with spea phishing emails designed to fool them into thinking that the messages are legitimately from UPS, FedEx or another shipper.
  • The message notifies the target that there’s been a delay in shipping something that they ordered online.
  • It also supplies a tracking link for users to track their missing package.
  • Except, the tracking link is really a ransomware trap, and as soon as the victim clicks on it they unleash disaster.
  • Learn how to stop that with BullPhish ID

Email Threats Aren’t One Size Fits All

Attacks like this are always popular around the holidays, but they’ve grown even worse this year. One group of cybersecurity researchers reports an increase of 440% in shipping scams between October and November 2020 alone, with 43% more scams in November 2020 than November 2019 – and 65% of those scams used fake Amazon notifications as their bait.

In today’s threat atmosphere, staffers need to be ready to spot a phishing scam no matter where it comes from. Using fake Amazon messages is very smart considering how many of us shop there regularly. For bad actors, this is an easy and cheap way to deliver ransomware or steal credentials through fake links in phishing emails. So how can you stop them?

Does Your Staff Know That Phishing Comes in Many Disguises?

It pays to make sure that your staff is ready to defend your business against today’s biggest threat: phishing. They also need to know that phishing isn’t always done using a fake email attachment these days – cybercriminals are increasingly turning to social engineering combined with spear phishing through SMS, IM or spoofed email messages in order to entice users into taking an action like clicking a link.

Improved security awareness training that includes strong phishing resistance training is mission-critical in this atmosphere. Your staffers can’t defend against threats that they don’t recognize. Companies that conduct frequent security awareness training to keep employees up to date on the latest threats experience 70% fewer cybersecurity incidents.

Solve that problem with BullPhish ID. Our dynamic phishing resistance training solution includes more than 80 plug-and-play phishing simulation campaign kits covering a wide variety of threats. We help you keep them updated on today’ss threats, including COVID-19 scams (which are still going strong). We also add 4 new campaign kits every month to ensure that your staff is up to date on the latest threats.

Prevent Your Business From Receiving Unwelcome Gifts

Don’t wait until you’re stuck with the expense and headaches of ransomware mitigation and recovery to contact a specialist that can help you find your security holes. Every company needs to improve security awareness training and refresh it every 4 months to keep it effective. Contact ID Agent today to learn more about protecting your business from phishing threats fast.