This is a thought leadership article by PrimeGlobal member firm Schneider Downs which looks at what it is really like to be investigated by HMRC. 

Ho, ho, ho, hold on before clicking on that link advertising an amazing deal this holiday season.

Phishing, that ever-present and ever-growing organizational concern, is a preferred attack method for hackers because of its relatively simple premise: deceiving a user into clicking a link that allows access to personal information. Even with the flurry of activity surrounding Black Friday and Cyber Monday now in the books, cybercriminals still have all of December to take advantage of both consumers and organizations through phishing schemes.

The primary concern surrounding holiday phishing is to protect the regular consumer, but phishing can be just as threatening for organizations. An employee could cause a breach by clicking a malicious link from a personal email that they’ve accessed at work or by falling for a phishing scheme sent to their company email. So how can organizations make sure their people don’t give them the unwanted holiday gift of a security breach?

Here are six tips to help you and your end users get your holiday shopping done safely:

  1. Organizations: refresh the topic of phishing to your employees

Remind employees how to recognize and report a phishing email. Phishing is effective because it creates a sense of urgency, which is something that might stand out as suspicious in April, but blends in right now in a season full of ads urging users to “act before this deal disappears.”

2. Be proactive; eliminate the attack before it reaches your employees

Your people don’t need to be the first defense against suspicious holiday deals. We recommend having an email security solution in place to provide targeted threat protection against spam, malware and phishing.

3. Do your shopping on a secure network

We’re all connected all the time. To keep your personal information (name, address, credit card) and devices safe, always connect to a secure network.

4. Verify shipping updates and tracking numbers manually 

The most popular phishing emails during the holiday season contain malicious links disguised as shipping updates or delivery notifications. Never click on tracking numbers; copy and paste the number (or write it down) and use the carrier’s website to get your update.

5. Delete deals with attachments

Think about it: when have you ever gotten an attachment from Amazon or Target? Vendors include sales information directly in the body of an email. If you see an attachment, don’t click; it may contain malware.

6. Don’t click on popup ads

Popups may be tempting, but cybercriminals often use them to direct you to malicious websites, so it’s best to stay away. For safest surfing, go directly to the vendor’s website or, even better, their app.

Content by:

Schneider Downs & Co., Inc.

Schneider Downs is a top regional accounting and business advisory firm located in the northeastern part of the United States with a significant international reach. For more than 60 years, we have provided professional services to public and private companies, nonprofit organizations, professional associations, service firms and government entities across the United States and around the world. We have more than 450 employees and 42 shareholders and offer more than 80 services with dedicated teams from five business units: Assurance and Tax Advisors, Business Advisors, Corporate Finance Advisors, Technology Advisors and Wealth Management Advisors.

Learn more