Security Awareness – ’Tis the Season to be Scammy, Fa-la-la-la-la…

Like the Grinch who stole Christmas, cybercriminals long for this time of year, to steal money and information from those of good cheer

By Jennifer Lyn Walker

Instead of getting ahead on our holiday shopping, FB-ISAO wishes to get ahead on our holiday shopping cyber scam reminders – and we aren’t the only ones. The FBI is also among those forewarning of folly this holiday season.

Even those accustomed to shopping online in 2020 may be looking forward to escaping the drone of the past year by indulging in some lighthearted online holiday shopping for their loved ones, and may forget this year’s National Cybersecurity Awareness Month theme to do their part and #BeCyberSmart. Therefore, as we quickly approach Black Friday and Cyber Monday, it is never too early to remind everyone of the seasonal shopping scams that plague the cyber threat landscape.

In addition to the usual “too good to be true” spam and scams from suspicious sites, phishing emails, or ads offering items at inconceivable discounts, an increase in holiday bonus gift card impersonation scams should be anticipated. We wouldn’t put it past scammers to use the “after such a challenging year” ploy to cajole COVID-weary employees or volunteers into becoming unwitting accomplices who help the boss secretly procure gift cards for things like company bonuses or charitable donations. Whatever the financial or information-stealing theme, employees should be repeatedly reminded never to act on such requests. Because it may be excruciatingly difficult to tell “the boss” no, it is up to bosses and leaders to empower employees and volunteers not to act and to report said activity. Likewise, it is up to bosses and leaders to make any such special, secret, or surprise requests in person, and not through an email or text.

While faith-based and charitable organizations are prime targets for holiday gift card impersonation scams of good cheer, there are other tactics to be wary of. For more on holiday-related phishing, spear phishing, vishing (voice/phone phishing), and smishing (SMS/text message) scams, visit Threatpost for a quick overview.

Finally, to make these and other security awareness reminders simple, members are encouraged to review and pass along the following timeless (and updated) easy-to-read online shopping safety resources from the National Cyber Security Alliance and the Cybersecurity and Infrastructure Security Agency: