By Merrilee Maxon
As the excitement builds for Black Friday sales, so does the risk of falling victim to phishing scams within emails. As advised by the Cybersecurity and Infrastructure Security Agency (CISA), individuals should exercise caution if an email pressures them to act urgently, especially regarding Black Friday deals. Cybercriminals capitalize on the holiday season to launch sophisticated attacks, attempting to deceive unsuspecting consumers into revealing sensitive information. To safeguard your personal and financial data, it is crucial to enhance your email security awareness.
Typically, users are aware of ‘Urgent’ emails being potential scams/phishing emails. But the time restrictions built around Black Friday sales give Cybercriminals a perfect scenario for high pressure ‘urgent’ emails. These emails type of emails request your action immediately and can redirect you to a page to ‘securely’ enter your personal and financial information. Rarely will a retailer or legitimate entity ask you to enter personal or financial information via email. If you question the legitimacy of an email, the best option is to go directly to the website URL or call customer service.
It is equally important to scrutinize Black Friday emails that contain links or downloadable attachments. Cyber professionals will advise you to never download email attachments, unless you verify the sender. This is even more important during the holiday season. By downloading an attachment, a user is essentially giving Cyber Criminals free access to install a virus, track user key stroke (data entry on websites) and read any data/files stored on a device.
Throughout the holiday season it is important not to allow the allure of sales/prices to catch you off guard. By paying attention to email address (spellings, domain differences, etc.), not clicking links, not downloading attachments, and staying vigilant; users can better protect themselves from this type of Cyberattack.
Merrilee Maxon is the Cyber Compliance Services Manager for Cybernet’s cybersecurity division. She supports cybersecurity and our Defense Industrial Base customers in obtaining compliance with DoD, Cybersecurity Maturity Model Certification (CMMC), and other standard cybersecurity accreditations, as well as help them anticipate future requirements.