The holiday season conjures images of warmth by the fireplace, twinkly lights, and merriment with loved ones. Sadly, it is also prime time for cyber attacks.

Every year since I began working in incident response, the weeks between Thanksgiving and New Year's are consistently our busiest times at Coalition. We know threat groups are packaging up the perfect attack, and what better time to carry them out than while everyone is off on vacation and spending time with their family?

I’ll dive into some common attacks and scams threat actors use during the holiday season, mitigation strategies for your clients that can reduce their risk, and how Coalition can help.

Common holiday cyber scams 

Ransomware may be a headline-grabbing cyber incident, but it is often preceded by other, harder-to-spot attacks, such as phishing, which can be executed via email or text message (smishing).

When we’re already overloaded during the holiday season, we can be less discerning when going through the influx of emails. It’s tempting to click without checking a link to quickly resolve an issue with an order or locate a package. Still, it’s important for your clients to take a moment and verify the authenticity of the source. After all, our Cyber Claims Report: Mid-year Update found that phishing was the initial attack vector for 58% of our claims. 

A few common holiday scams we anticipate threat actors will continue to use via email and text throughout the holiday season:

• Fake order receipts or tracking emails/text messages

• Donation requests

• Fake surveys, giveaways, and contests

• Gift card purchase requests, which will often appear to come from your client’s organization

5 (easy!) mitigation steps for the season of cheer

1. Review emails and texts for possible phishing attempts

Encourage your clients to take a closer look at their emails. Does it contain any obvious misspelled words or variations in the domain name in the email header? Attackers will often spoof legitimate domains and slightly misspell the domain. The goal of any good phishing campaign is to trick you into clicking the link or downloading the attachment before you think.

Threat actors are also clever and opportunistic; they may comb through your client’s social media posts to learn precisely where their holiday party was held or what key accounts they may have to launch highly targeted attacks. 

2. Review accounts, new and old

A proactive review is an important step in onboarding and offboarding your employees. Over the next few weeks, have your clients review their accounts and make sure they close accounts for employees who have offboarded. Likewise, they should watch out for any new, suspicious accounts being created.

3. Shut down all network-connected devices

If your client closes their business over any portion of the holiday season, encourage them to shut down their network. Shutting systems off is one of the best ways to avoid an attack because nothing can happen when a system is offline. If a device doesn’t need to be on, turn it off—including that workstation in the back room that is barely used.

4. Deploy updates before leaving for the holidays

For businesses that can’t shut everything down, it’s necessary to update firewalls, software, and servers before they leave. They should make sure everything is up-to-date and shut off what they can. 

5. Talk to your staff about cyber preparedness

Your client may know a thing or two about cybersecurity; they may even be the head of IT or the CISO for their organization. But have they talked to their employees? Advise your clients to talk to their staff about being aware of emails they're receiving, not clicking links, and not downloading attachments. It’s a busy time of year, but it’s worth taking the time to surface cybersecurity awareness training and remind them of potential threats. We also recommend using multi-factor authentication (MFA) on all email accounts and remote connections to reduce the risk of a phishing attempt turning into an incident. 

Pre-claims: How we help before an issue becomes a claim 

Sometimes, despite taking every necessary precaution, human beings make mistakes. When that happens, Coalition is available to help. 

We call this pre-claim assistance. Essentially, it's a high-level incident response review available to all of our policyholders. Maybe that email from your CEO requesting an urgent purchase of gift cards looked like it was actually sent from his actual email and you clicked— we can take the time to review if anything happened as a result of that click and decide if you need to move forward with a claim.

Often, our policyholders who reach out for pre-claim reviews don't end up filing a claim. Instead, we advise them how to button up the issue at hand. This assistance is often something that a dedicated IT or security team would provide, but smaller businesses may not have those resources. That’s why we provide that service for them.

Our broker partners can also reach out for pre-claims assistance; we regularly get emails from brokers asking if their insured should worry about an issue. We can often respond quickly to assess if their client is genuinely being spoofed and perhaps at risk of a cyber incident, or if something else is happening. 

Stay safe this holiday season

The holiday season has been one of the busiest times throughout my career. Our most recent claims report shows signs of relief from encryption-based ransomware attacks, but phishing remains a tried and true attack, and it’s especially easy to trick people during November, December and January.

Still, that doesn’t mean cyber incidents are a foregone conclusion for your clients. The key to a happy holiday season is remaining aware of common tricks and thinking before you click. 

Reach out to your clients ahead of time with these mitigation strategies and remind them that in the event the worst should happen, Coalition is available.