Six tips to protect your organisation from holiday scams

With the winter holiday season fast approaching, scams targeting online shoppers will be on the rise. Attackers and bad actors will go to any lengths to get your data and hard-earned cash using techniques including phishing emails and mobile texts containing links to fake websites designed to look like legitimate brands.

All it takes is one employee or user to open an authentic-looking phishing email or text on a corporate device, click on a link to launch what’s claiming to be a real-life website, and your business could be under attack from ransomware, malware, and other nasty threats that will place your organisation, network, apps, and data in danger.

So, here are six ideas to help educate and protect your organisation, and your employees and users, from attacks.

1. Remind employees and users their work devices shouldn’t be used for personal business, especially shopping.
2. Schedule refresher phishing training to coincide with the upcoming holidays. Or send a reminder to employees and users not to access personal email or texts on work devices, and especially not to open unsolicited emails or texts. Or, not to click on links in any email or text. Instead, they should directly access the URL and website of the source company.
3. Point out that, even if a website, text, or ad may look legitimate and be encrypted—with the little padlock in the URL address—it may be a route to a phishing website. They shouldn’t provide any credentials, including login info, or personal or financial info on the site. Again, they should access the source company’s URL and website directly.
4. Note that an email, text, or ad promoting any deal that sounds too good to be true is likely a trap. Don’t click on the provided link. Always go directly to the retailer, e-commerce company, or manufacturer’s website to find the item. The same goes for items that are sold out on any website but available—and only for a limited time—from a single source. Don’t click that link!
5. Tell employees and users if they receive an email or text about an upcoming delivery that includes a link to track the order, says the order is lost and provides a link to trace it, or provides any other link, to not click the link but to go to the provider’s web page directly and track or trace their order from there.
6. Be wary of emails or texts from delivery services asking for credit card or other personal or financial information in order to deliver a package. Again, go to the provider’s web page directly to track or trace the order.

Unfortunately, these types of reminders and warnings may not be enough. All it takes is one employee or user to slip up and click a link, and your business can be negatively affected.

That is why it’s always worth having additional layers of security in place – especially to defend what matters most:  your apps, APIs, and underlying infrastructure. Organisations should also consider bot protection that can secure web and mobile apps and APIs from automated attacks, which can quickly escalate to advanced emulation of human behaviour.