Don't Let Hackers Have a Holiday with Your Information

Download a PDF of the alert

Risk Management Question

As the 2019 holiday season quickly approaches, you can expect a flood of holiday-themed scams. Malicious actors are ready and waiting to exploit the goodwill of the holiday season by trying to trick us to divulge sensitive information or download malicious software. What are the best ways to protect against these holiday hackers?

The Issue

Phishing emails masquerading as holiday party invitations are growing in popularity, and when malicious actors include other techniques such as email spoofing, the resulting email can be difficult to differentiate from legitimate communications. The screenshot below shows an example of a phishing email you may receive during the holiday season. The sender claims the email is an invitation to a firm holiday party, and by clicking on one of the two links within the email, the recipient can RSVP. In reality, clicking either link will result in the installation of malicious software.

Not all holiday-themed phishing emails will look like the one above. Others may ask you to click on a link to claim an unexpected gift or purchase popular products at discount prices; be cautious when offered unexpected gifts or offers that seem too good to be true via email.

Risk Management Solution

If you receive an email you were not expecting—even from someone you know—inviting you to a holiday party, call the sender before clicking on any link in the email. We have reached the point where everyone should have zero trust in any email communication. Sophisticated spoofing techniques can make any email look like it's from someone you know. And, be especially careful if you do not recognize the sender's email address. If you accidentally click on a link, close out of the email immediately and have a virus scan run on your computer. Don't let a hacker spoil your holidays.

Happy Holidays from Hinshaw! And remember, always think before you click.