How businesses can avoid phishing scams during the holidays

Phishing is a persistent and evolving cybersecurity threat that can affect any person, and any size or type of business. It is one of the 3 most common cybercrimes in Canada, and only 50% of Canadian organizations have a formal protection plan in place against it.

According to Stats Canada, 1 in 6 businesses were impacted by cybersecurity incidents in 2023, each costing Canadian businesses approximately CAD $88,000.

Phishing attempts typically involve cybercriminals impersonating someone trustworthy to deceive individuals into revealing sensitive information, such as login credentials, financial details or personal data. They can come in the form of ‌fraudulent emails, text messages, unsolicited phone calls or even messages via social media platforms to instill a sense of urgency requiring immediate actions, which can reduce the victims’ safeguards.

Phishing can be a sophisticated and highly effective form of cybercrime that uses social engineering to exploit both people and businesses. During the holiday season, this form of cyberattack can become more frequent and elaborate.

The rise of phishing attacks around the holiday season

Cybercriminals are known to exploit vulnerabilities around increased online activity. Here are some reasons why phishing attacks spike with the holidays just around the corner:

1. Increased online shopping and financial transactions
   During the holiday season, a surge in online shopping provides cybercriminals with more opportunities to launch phishing scams, send phishing links or create fake e-commerce websites to steal financial information.
2. Distracted users and social engineering tactics
   Festivities and celebrations can lead to distracted online behaviour. Users are also more susceptible to social engineering ruses and phishing attempts linked to donations and social causes.
3. Reduced IT staffing
   Many organizations operate with reduced IT staffing during the holidays, creating opportunities for cybercriminals to exploit unnoticed vulnerabilities.
4. Less system patching
   Some businesses delay applying software patches and updates during the holiday season, which can make them more vulnerable to attacks during this period.

Spotting phishing tactics around the holiday season

It’s crucial to recognize the signs of phishing attempts, educate employees and implement security measures to help protect against this evolving threat. The 2022 TELUS Canadian Cloud Security Study found that cybersecurity training for all employees could help reduce the top cause of cyberattacks – human error.

There are some phishing tactics and potential online threats that may be easy to miss among all the promotional emails we get during the holiday season. That’s why it’s so important to stay extra vigilant during this time of the year.

Read the guide, Protecting against cyber threats to learn more ways to safeguard your customers, people and business.

The 5 most common phishing attempts during the holidays

1. Digital payment-based scams
   Phishers use well-known payment applications as a ruse to steal sensitive information, posing as online payment services.
2. Finance-based phishing attacks
   Scammers impersonate banks or financial institutions, invoking fear or urgency in victims to gain personal information or credentials.
3. Work-related phishing scams
   Attackers pose as executives or colleagues, requesting wire transfers or fake purchases, targeting employees and potentially compromising the organization's security.
4. Fake charity campaigns
   Cybercriminals exploit the ‘giving spirit’ of the holidays to create fake charity campaigns, diverting donations for their gain and attempting to steal personal and financial information.
5. Ransomware attacks
   Ransomware attacks increase during the holiday season, often launched through phishing campaigns. These attacks can have devastating financial and reputational consequences for individuals and organizations.

Preventing phishing attacks

• Establish a comprehensive holiday strategy, including an emergency plan and  24/7 coverage with a response team.
• Partner with a managed service provider to help enhance your business’ cybersecurity response.
• Conduct a pre-holiday audit to validate infrastructure, network permissions and security, patch vulnerabilities to help ensure compliance with industry security standards.
• Keep systems up to date, including firewalls, antivirus software, anti-malware tools, locally installed applications and operating systems.
• Provide training and education to employees, emphasizing the importance of identifying and avoiding phishing attempts, like verifying the legitimacy of emails and website links, and how to report suspected phishing messages so they can be investigated and blocked by the organization.
• Implement password management strategies and multi-factor authentication (MFA) on all of your online portals, accounts and devices.
• Remove or reduce local administrative permissions to help minimize the range of security risks.

When maintaining a proactive approach to cybersecurity, you can help safeguard your organization's data, reputation and financial assets not only during the holiday season, but throughout the year. With the right partner, you can elevate your defences to a new level, as they can provide multi-layered solutions tailored to protect your organization even before threats arise, ensuring long-term security efficacy.

Your IT, Fully Managed

Learn more ways to help protect your business from cybersecurity threats by downloading our comprehensive guide.

Visit telus.com/FullyManaged to learn how TELUS Business can help take cybersecurity issues off your to-do list.

This blog was originally posted on Telus.com. To learn more visit Telus.com/blog/business.