Why Phishing Attacks Increase on Holiday Seasons

Overview

Phishing continues to be a major attack vector, and it’s surprising just how many security incidents and breaches start with an employee clicking on a link in a carefully crafted phishing email (and sometimes doing the same with a not-so-well crafted phishing email — see this example). 

There’s still a general perception that phishing attacks are more of a risk to consumers than businesses. To an extent that’s true — enterprises deploy security tools to block phishing attacks and now most employees receive ongoing phishing-awareness training. Consumers, on the other hand, may rely on their ISP for protection and are more susceptible to scams (no, the government does not want to give you a tax refund).

But there’s been a major change. According to research published by Akamai, there was a rapid increase in enterprise traffic related to remote working in 2020 — that’s not terribly surprising. What is likely more surprising is that the research also showed a dramatic increase in the consumption of services such as streaming, gaming, and social media from enterprises remotely connected devices. 

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

This can be explained by changes in the way our personal and professional lives have blurred, and that many users are now using the same device for work and play. This means that phishing attacks targeted at consumers or businesses now carry equal risk for an enterprise. In other words, it doesn’t matter if an employee’s laptop is compromised as a result of a phishing attack designed to steal their personal bank account details or their employee credentials — the end result is a compromised device that is connecting to the enterprise’s network.

Let’s now take a look at what Akamai observed in the phishing landscape last holiday season.

Based on Akamai platform traffic, we can see that the number of phishing attack victims increased dramatically from the second half of October to the end of November. During that six-week period, there was an increase of nearly 150% in phishing victims. We attribute that increase to the following reasons: the state of mind of internet users and the motivation for cybercriminals to launch more attacks.

Users are more vulnerable to phishing attacks over that six-week period as the holiday shopping season leads to higher levels of engagement with scams, specifically those that offer deals and coupons — we all want a bargain. Because victims are potentially more susceptible to scams, the holiday season leads cybercriminals to execute a variety of nefarious activities and launch all kinds of phishing campaigns as their potential success rates will improve the more they try.    

Bar graph illustrating the trend of phishing victims over time

A look at the leading targeted industries by growth in the number of victims shows that media, e-commerce, and financial services showed significant increases over the same time frame. However, much more noticeable are phishing attacks targeted at financial services with an increase of more than 700% in victims compared with the previous weeks. The increase in financial scams can be explained by cybercriminals’ efforts to maximize their campaign activity over the holiday season as victims are more engaged and as compromised financial credentials are highly valuable.   

A bar chart illustrating the trend of phishing victims segmented by industry over time

Minimizing the Risk of Phishing Attacks

There are a number of things enterprises can do to improve their defenses against phishing attacks. 

  1. Ensure that phishing training is ongoing and is adapted to cover the need to be vigilant about consumer-based attacks.
  2. Review existing phishing protections — Akamai has observed that phishing is no longer just an email problem. Attacks are increasingly being launched via social media and messaging apps. So looking at approaches to mitigate these attack vectors is key.
  3. Consider tools that can identify and block requests to brand-new phishing pages in real-time and at the point of request; even if the page has never been seen before. These types of tools provide an additional layer of real-time protection.
  4. Introduce Zero Trust to your organization if you’re not there yet. Start with this short guide for quick orientation.

Contact us to start your Zero Trust journey today, and finish it quicker than you imagine.

Originally published by Akamai Technologies

Latest Articles

On-Demand Webinar: CISO’s Roadmap to Cloud Security Excellence

Today’s CISOs face a daunting array of security threats. From ransomware and cloud misconfigurations to zero-day exploits and code vulnerabilities, the stakes have never been higher. Join our cloud security expert engineers for an enlightening webinar that delves deep into the state of cloud security in 2023. Learn about the best tools and practices that […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
18th June, 2023
The fastest Zero Trust browsing & app access service

Welcome to our Solution Brief on Zero Trust, the future of cybersecurity. Our expert team at GlobalDots has prepared this to help you understand the key components of Zero Trust, and its role in securing modern business applications and data. Our Zero Trust solution covers all the critical components of ZTNA, including VPN replacement and […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
9th March, 2023
Remote work & WFH Policies: FAQs Answered

We were recently approached by the press to provide some policy guidelines for companies adopting the hybrid or 100%-remote model. Truth be told, GlobalDots’ legacy of remote work dates back to the surge of Skype. Yes, we’ve been working remotely for quite a while, so for us, the Pandemic didn’t change much. How One AI-Driven […]

Shalom Carmel Chief Information Officer at GlobalDots
20th April, 2022
How to Keep Hackers Out of Your Distributed Environment

New normal, new challenges One of the outcomes of COVID-19 has been our newfound openness to remote work. According to a recent PwC survey, 41% of workers would now prefer their workdays to be fully remote, compared with 29% in January 2021, signaling the desire to work remotely is only ramping up. For cybersecurity teams, this new reality brings […]

Shalom Carmel Chief Information Officer at GlobalDots
19th December, 2021

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services