Let’s start the “Wednesday Bit” for 2024 with a tale of phishing emails, but first…
I hope you had a Happy Christmas and New Year. Diana and I did. We did take some time off, spent it with family, travelled a bit and paid rather less attention to our email than we normally do. I hope you all did something similar – we all need a break.
Guess who does not take a break?
Phishing Email Scammers!
Christmas and New Year Phishing Email Campaigns
Let me state right now, cyber criminals are not stupid. They carefully consider when to attack you and your organisation, looking for those times when you and your team are not quite paying attention. To quote Dire Straits, if we “abolish Monday mornings and Friday afternoons“, then the threat actors would have less opportunities to get at you. Friday afternoon is a very popular time to send in those phishing emails, when you and your team are possibly thinking more about getting out the door for the weekend rather than your cyber security. Monday morning likewise after a good weekend how quickly does your cyber security sense return? But we cannot abolish Christmas. Can we?
That Christmas Phishing Email
I have an Apple Watch, a present from Christmas 2023, and because of the watch email notifications, what I noticed over this Christmas period was a huge increase in Microsoft emails telling me “…here is your code to change your password”, “please click on this link…”, “please confirm…”. A quick check on my Linux machine showed most of these were trying in one way or another to get me to share my 365 credentials with them. They were hoping whilst in the party spirit my guard would be down. It wasn’t and hope yours wasn’t either as I am sure I was not the only one receiving these phishing emails.
Phishing Email is not just for Christmas
Of course these types of attack are relentless. Anti-virus and spam filtering remove a lot of the obvious stuff but the threat actors are constantly refining their attacks to evade these technical defences – that is why you and your people need cyber security awareness training.
Someone watching your stuff 24/7
The other thing that corporates have is continuous cyber security monitoring, which includes a team ready to react to issues even when their employees are asleep or enjoying Christmas. We have this type of cyber security and we have clients who have also invested in this type of cyber security. Do you think it may be time to take your cyber security seriously enough to get on board and join our Security Operations Centre?
Not sure? Then get in contact and I will send you an invite to our webinar where we have industry expert John O’Mahony, explaining how small organisations can leverage this level of cyber security.
I am looking forward to seeing you there.
Clive Catton MSc (Cyber Security) – by-line and other articles
p.s. There is a second part to this article over on CyberAwake:
Bugged by Phishing Email Attacks (pt. 2) – CyberAwake
Further Reading
Photo by cottonbro studio