With ‘Black Friday’ just around the corner, this year on 23 November, South Africans are preparing once again to embrace and make this popular American shopping day their own, where retailers offer massive discounts for both online as well as bricks-and-mortar shoppers. But be warned – in the same way that scammers come out to try and relieve people of their money in the physical world – the beginning of the November/December retail season brings out the cyber-thieves online also.
This is according to an F5 Networks report, ‘2018 Phishing and Fraud Report: Attacks Peak During the Holidays’, which points out that this time of year, when many in the western world start preparing to wind down for the holidays, is: “… also peak season for phishing, when scammers use e-mail, text messages, and fake websites to trick people into giving up their personal information. It’s ‘prime crime time’ when phishers and fraudsters creep out of their holes to take advantage of people when they’re distracted: businesses are wrapping up end-of-year activities,; key staff members are on vacation; and record numbers of online holiday shoppers are searching for the best deals…”
Simon McCullough, major channel account manager at F5, says, “Unfortunately, cyber criminals don’t necessarily take time off to celebrate the holiday season, which is a prime time for all kinds of phishing attacks. During this time of year, when people are frantically starting to try and wind down their workloads, and are perhaps too busy and distracted to pay proper attention to all the e-mails they have to open, it’s easy for hackers to try and take advantage by sending out mischievous fake e-mails with the aim of stealing credentials and other confidential information. If your employees view these malicious e-mails on your network, your company could be at risk of a major breach.”
The report, which is based on data from a variety of sources, including the F5 Security Operations Center (SOC) and F5’s data partner Webroot, looks at phishing and fraud trends over a year, the top impersonated companies in phishing attacks (by both name and industry), the growth rate in phishing attacks and the fastest growing targets. The report outlines some of the following pertinent facts:
- Fraud incidents in October, November and December jump over 50 percent from the annual average. Employees need to be warned and trained how to recognise phishing attempts and reduce their click-through rate on malicious e-mails, links and attachments.
- With the cloning of legitimate e-mails from well-known companies, the quality of phishing e-mails is improving and fooling more unsuspecting victims.
- Financial organisations are the fastest growing phishing targets heading into the ‘holiday phishing season’ but F5 expects also to see a rise in ecommerce and shipping.
- In order to guard against employees who can fall victim to phishing attacks, security professionals are advised to make sure their organisation’s protection includes web filtering, anti-virus software and multi-factor authentication.
Anton Jacobsz, managing director at Networks Unlimited, a value-added distributor of F5 in Africa, concludes, “As this retail prime time season approaches, we know that many shoppers are more concerned with getting themselves a good deal than avoiding phishing scams. Scammers send malicious e-mails and messages to consumers to try to obtain credit card details, usernames, passwords, and other sensitive information, and so, to avoid being taken advantage of, it’s important for consumers to be on the alert for the signs of a phishing scam and only shop at trusted sites. As with most cyber threats, phishing can be guarded against using a combination of people, processes and technology – there are steps that can be taken to fortify your organisation and empower your employees. Reading this report from F5 Networks is a mine of useful and current information in the ongoing quest to safeguard your network against those of malicious intent.”