@LaJoieSecurity Threat Blog
Phishing Friday: Beware of Holiday Delivery Scams Targeting Your Inbox
As the holiday season approaches, cybercriminals are ramping up their efforts to exploit the surge in online shopping and package deliveries. A prevalent scam involves fraudulent delivery notifications designed to steal personal information.
The Scam Unveiled
Scammers send emails or text messages posing as reputable delivery services, claiming issues with a package delivery. These messages often urge recipients to click on a link to resolve the problem, leading to phishing websites that harvest sensitive data or install malware.
Real-World Example
The Federal Trade Commission (FTC) has reported a rise in such phishing attempts, where victims receive messages about missed deliveries or incorrect addresses, prompting them to click malicious links.
Consumer FTC
Protective Measures
- Verify Before Clicking: Instead of clicking on links in unsolicited messages, contact the delivery company directly using official channels.
- Inspect URLs Carefully: Hover over links to view the actual URL and ensure it directs to a legitimate site.
- Enable Security Features: Utilize email filters and security software to detect and block phishing attempts.
YARA Rules for Detection
To detect such phishing attempts, implement YARA rules that identify common patterns in phishing kits. The PhishingKit-Yara-Rules repository offers a collection of rules tailored for this purpose.
GitHub
Leadership Takeaways
- Employee Education: Regularly train staff to recognize and report phishing attempts, especially during high-risk periods like the holidays.
- Incident Response Planning: Develop and maintain robust incident response strategies to swiftly address phishing incidents.
- Secure the Advantage
- Advanced Threat Detection: Deploy tools that utilize YARA rules and other heuristics to identify and mitigate phishing threats proactively.
- Continuous Monitoring: Implement systems to monitor communications for signs of phishing, enabling rapid response to emerging threats.
Stay vigilant this holiday season to protect yourself and your organization from phishing scams.
References
Federal Trade Commission. (2024, December 2). Scammers are delivering phishing messages this holiday season. Retrieved from
GitHub. (n.d.). PhishingKit-Yara-Rules. Retrieved from
Sign UP now for our newsletter and to learn more about our offerings!
Address:
44 Monticello Ave St 1802
PMB 585923
Norfolk, VA 23510-2670 USA