All Day Shopping Means Your Office IT Network is at Risk
“Your order cannot be shipped…”
“There was a problem processing your order…”
“You will not be able to access your account or place orders until we confirm your information...”
Don’t believe it.
No matter how authentic that Amazon email looks, don’t click on any links, or for that matter, any email you have not verified as legitimate. Amazon Prime Day is a bacchanalia for cyber scum. Phishing emails. Infected pop-up ads, online and telephone offers for deals that are so awesome, they can override a person’s impulse control, leading shoppers to click before they think.
Last year, Prime Day pulled in more sales than Black Friday, with a flood of discounts on products people suddenly realized they could not live without. After all, who doesn’t need a Segway, iRobot Roomba Vacuum or Thermal Imaging Camera.
Beware of links in time-limited offers
Then there are the “Lightning Deals”, only available for specific products for limited times and free trial offers if you don’t have an account. These examples could be legitimate, but clicking on that unverified email could be the end of a shopping spree and the beginning of a cyberattack with devastating results.
With a 24+ hour time window, you can bet that employees will be shopping during office hours, using office computers and other devices connected to the office network, elevating the risk of a cyber threat.
Reduce your vulnerability to a cyberattack:
- Advise employees not to click on any email allegedly from Amazon, and instead, enter Amazon.com into their web browsers and log into their accounts.
- Never click on an attachment, from Amazon or anyone else, before validating. Infected attachments can install malware on computers.
- Watch for typos, extra spaces and punctuation errors. Emails from reputable companies should not have errors. In addition, hover over all links. If they don’t match the domain address, it’s a scam.
- Two-step verification. Yes, it’s annoying, but worth the small inconvenience. Two-factor authentication, as it’s called, requires you to prove who you are two different ways. Google, Facebook, Apple, your bank, and health insurance companies offer, and sometimes require, two verifications to access your account.
Businesses should have to strong security controls to protect their networks, and an ongoing security awareness program to be effective. Phishgoggles Security Awareness Service is one option to make secure behaviors second nature. With the rise in sophisticated, legitimate-looking phishing emails, social media ads and fake websites, securing your technology and your people is no longer optional.
When is Amazon Prime Day?
Unofficial reports suggest July 17, but Amazon has yet to confirm.