Security experts have warned of the potential risk to corporate IT systems and data from remote workers surfing for Black Friday deals.
Today’s sales spectacular represents the official start of the holiday shopping season and typically attracts a range of scams – from sales of non-existent items to phishing attempts.
According to Proofpoint, the scams often extend to delivery. When sent via text, these lures comprised 56% of all smishing cases in Q4 2021, a 105% year-on-year increase, it claimed.
Separately, OpenText Security Solutions said it recorded a third (34%) of all phishing activity for 2021 in the month of November.
Dominic Trott, UK head of strategy at Orange Cyberdefense, warned that home workers may inadvertently put their employer at risk if they reuse passwords across work and consumer accounts, or unwittingly download info-stealing malware or worse.
“It’s becoming common for employees to use their work devices for personal tasks as the boundary between home and work fades, meaning that any malicious link they click on could result in cyber-criminals infiltrating corporate networks or stealing corporate credentials,” he added.
“Businesses therefore need to take responsibility for educating their staff on the risks that may arise from activity outside of their jobs, and the cyber-hygiene behavior they need to adopt to stop the worst from happening. Ultimately, if businesses advise and educate employees on how to identify and report phishing around the holiday period, they should be able to minimize the risk of ransomware and credential theft.”
Matt Aldridge, principal solutions consultant at OpenText Security Solutions, added that IT leaders should ensure that email security and multi-factor authentication (MFA) policies are fit for purpose in the new hybrid working environment.
“Our recommendation is that everyone should remain cautious when exploring all emails and links received, especially during Black Friday, Cyber Monday and the Christmas season,” he said.