We live in a world where many people are naïve when it comes to matters of Cyber Security. This fact, coupled with the onslaught of internet scams floating around the web today, could create the perfect storm of compromised cyber safety. We want to warn all of our clients, colleagues, and associates to be VERY skeptical when reading through their inboxes in the coming weeks, since December is a particularly popular month for phishing campaigns.
A prime example of the havoc that can be wrought from phishing is the recent Marriott/Starwood data breach. The incident could potentially impact up to 500 million people who have been guests of the corporation's hotels or restaurants. In the few short days that followed the initial statement by Marriott/Starwood announcing the breach, a host of multi-million-dollar lawsuits were filed against the corporation.
Hackers will likely initiate Marriott-related phishing attempts linked to any and all email addresses available to them, in the hope that their scam messages will receive high click rates. Be on the lookout for such phony emails.
Possible Phishing Campaigns May Include
1. An "apology" email that looks like it's coming from Marriott/Starwood, referencing the breach.
2. An inquiry to "check if your data was impacted" by the Marriott/Starwood breach.
3. A warning suggesting that there is a problem with your credit score as a result of the Marriott/Starwood breach.
Also, with the holidays quickly approaching, be on high alert for phishing scams pertaining to holiday e-Commerce orders.
Look for Clues
a. Poor spelling or grammar
b. Strange websites or URLs (Uniform Resource Locator) ~ be wary of “hover over the link” instructions. Note the ever-popular and prevalent "urgent request" message; it is usually a red flag.
c. An unexpected message that requires your immediate attention (emergencies). If something looks off; it likely is. Be VERY skeptical!
Implement a Cyber Security Awareness Campaign
a. Include a recurring tutorial educating against phishing emails
b. Establish an inventory of your IT Assets (including data mapping)
c. Implement/Update IT Security Policies (including data classification)
HBK can assist you with these action items as well as other cyber security topics or questions. Please contact a member of our Risk Advisory Services group for more information by emailing William Heaven at firstname.lastname@example.org.