Skip to content
+1 512 696 1522
Facebook page opens in new windowTwitter page opens in new window
LUCY Security
LUCY Security
  • Home
  • Solution
    • Overview
    • Attack Simulation
    • Test Infrastructure
    • Awareness Training
    • Engage Employees
  • Pricing
  • Resources
    • Custom Awareness Video
    • Download
    • Partners
    • Support
    • Video Library
    • Documents
  • About
    • About us
    • Contact
    • News and press
      • Dark Web Analysis
    • Connect 2020
  • English (English)
    • Deutsch (German)
  • Home
  • Solution
    • Overview
    • Attack Simulation
    • Test Infrastructure
    • Awareness Training
    • Engage Employees
  • Pricing
  • Resources
    • Custom Awareness Video
    • Download
    • Partners
    • Support
    • Video Library
    • Documents
  • About
    • About us
    • Contact
    • News and press
      • Dark Web Analysis
    • Connect 2020
  • English (English)
    • Deutsch (German)

Blog Post: Phishing Season

Phishing Attacks in the Holiday Season

Before and during the holidays, the Christmas business is booming: Especially in COVID times, many people turn to online shopping in order to have the products and gifts delivered straight to their homes or to their loved ones, rather than to expose themselves to the risk of infection in the walk-in shops. In 2019, Christmas sales in online retail were around 14.7 billion euros, according to the HDE.

This creates optimal conditions for fraudsters: While looking for the best bargains, you can quickly succumb to a cyber attack. These cyber-attacks occur in 97% of all cases through “human” security holes and are not caused by poor technology. 96% of data thefts take place via so-called phishing mails.

The attackers are extremely clever

The phishing attacks currently observed, attempt to gain access to the victims by writing e-mails on behalf of known organizations. This technique is called “spoofing”. The phishing e-mails look very similar to the design of large companies, such as Amazon. That way, they quickly give the user the impression that it is a legitimate email from the provider. Sometimes even a complete “clone” of a website of an online retailer such as Amazon, Ebay or PayPal is created.

But phishing mails also show up in the form of big shipping companies such as DHL and contain alleged links for delivery tracking. Hence, phishing mails are becoming more and more professional and sophisticated. A sender who looks trustworthy at first glance often turns out to be a fake. Many users recognize such emails. But too many of them click on it and land on fake websites or, in the worst case, download malware with infected attachments onto their computers. In this way, criminals can then receive confidential data – or even control the entire PC.

Especially in the holiday season, you may be more likely to lose track of your orders, especially if having ordered different items from different suppliers and if the payment was conducted through different payment methods. A phishing mail is quickly opened and an attachment with malware downloaded or private payment data entered in an input form and voila: the phishing attack is a full success.

Spear Phishing Attack

The most successful type of phishing attack is the so-called spear-phishing attack, which is specifically aimed at individuals or certain companies. In a spear-phishing attack, the prey is sought and targeted precisely as if by the hunter. This phishing method is by far the most successful on the internet as it accounts for 91% of all online attacks. A common method of deceiving target persons with a spear-phishing attack is to disguise a malicious attachment in a file in such a way that it appears as a legitimate company document with a harmless file extension (e.g. wage-statistics-company-X .docx.exe). Criminals find information that applies specifically to you, to make the attack much more believable. The email can even appear to come from someone you know. They obtain information for these types of attacks in many ways, and one of the easiest and most common is finding information in the public domain. This is data found online, published in newspapers or magazines, or appears elsewhere in the media.

More information and examples on how to recognize a phishing attack can be found in our short phishing awareness video.

Phishing attacks: Companies are particularly at risk

Employees are often the gateway to larger companies. The increased work out of the home office makes it easier for cybercriminals to successfully carry out phishing attacks against employees. A current study on COVID times shows that one-quarter of Swiss SMEs have already been victims of a cyber attack, increasingly due to a lack of security in the home office.

It is particularly lucrative for cybercriminals to spy on company data or blackmail companies with ransomware. As a result of phishing mails that are not intercepted, sensitive data is often passed on or malware attachments are downloaded. Fake business e-mails are also increasingly circulating: if an employee assumes that the e-mail has come from an internal company, he is more willing to download an attachment or to enter sensitive data.

How can a company protect itself from phishing attacks?

The ABC in protecting your company from a phishing attack: Train your employees! If your employees know how to spot a phishing attack, you leave cybercriminals with almost no chance. With the generation of user awareness, you and your employees can build a “human firewall” for your company.

With LUCY you can test your employees with phishing simulations in the first step. The more than 800 phishing simulation templates can be adapted to your needs. In this manner, you can determine how often your employees fall for a phishing attack.

In the next step, your employees will be trained in an entertaining way with more than 300 customizable training modules in the LUCY e-learning management system with videos, quizzes, and games.

For the application in the real world, a phishing button plug-in can be integrated, with which employees can report any threats directly with a click of the mouse.

Click here for the free LUCY download.

Creating better-trained employees and a safer cyber environment. – Your LUCY team.

www.lucysecurity.com
Contact us

Category: BlogBy Laura WuerzDecember 16, 2020Leave a comment
Tags: Blog
Share this article
Share on FacebookShare on Facebook TweetShare on Twitter Pin itShare on Pinterest Share on LinkedInShare on LinkedIn Share on WhatsAppShare on WhatsApp

Author: Laura Wuerz

https://www.lucysecurity.com/

Post navigation

PreviousPrevious post:New Lucy Cybersecurity Awareness Platform: multiple awareness trainings in one campaignNextNext post:Lucy Security presents international Partner Awards 2020

Related Posts

Why LUCY 4.7.5 is a milestone in our product development
September 3, 2020
Holistic Cybersecurity a Must for the Healthcare Industry
April 1, 2020
All Training on Home and Remote Working free of charge
March 25, 2020
RSA Conference 2020, San Francisco, USA – LUCY Interview with The Security Guy
February 24, 2020
USB Challenge
February 20, 2020
Yes, we did it again, get FREE eLearning Videos and other news for 2020
February 10, 2020

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Post comment

Recent Posts
  • Lucy Security presents international Partner Awards 2020
  • Phishing Attacks in the Holiday Season
  • New Lucy Cybersecurity Awareness Platform: multiple awareness trainings in one campaign
  • Why LUCY 4.7.5 is a milestone in our product development
  • 945 Websites Hacked – up to 14 Million Potential Victims
Archives
  • January 2021
  • December 2020
  • September 2020
  • June 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • July 2019
  • May 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • June 2018
  • March 2018
  • November 2017
Categories
  • Blog
  • Local Event
  • News
  • Press
  • ReleaseNote
  • Ressources
  • TechBlog
  • Video
  • Webinar
CONTACTS

Address: Europe
Lucy Security AG
Chamerstr. 44 | 6300 Zug | Switzerland

Address: North America
LUCY Security USA
13785 Research Blvd
Suite 125
Austin, TX 78750

Phone Global: +41 44 557 19 37
Phone USA: +1-512-696-1522
Phone USA Support: +1-512-696-1514
Phone Canada: +1 289-270-2547
Phone France: +33 611 821 535
Phone UK: +44 (0) 7517 236426

SEARCH
CONNECT

Find us on:

Facebook page opens in new windowTwitter page opens in new windowYouTube page opens in new windowLinkedin page opens in new window
INFORMATION
  • Home
  • Solution
  • Pricing
  • Resources
  • About us
  • Support Wiki
  • Contact
  • Download LUCY
  • Demo request
LANGUAGE
  • English
    • Deutsch (German)
LUCY Security
All Rights Reserved 2021










Noted in the press

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Privacy PolicyCookie PolicyACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.