Security Awareness – New Year, Old Themes

I know it’s only January, but if phishing campaigns feel like Groundhog Day, that’s because they are. Yet, despite the same ‘ol themes, it’s important to keep staff apprised and reminded of the tried-and-true tricks that threat actors keep using because they keep working. And if there’s one thing miscreants have a penchant for, it’s cultural and seasonal themes. If you’re wondering if you should warn your wonderful users about which themes to be wary, check out these recent posts from Cofense and Checkpoint for a clue!

According to Cofense, seasonal topics, such as 401K, other retirement investment activity, or timely HR initiatives such as salary adjustments are being used as successful lures. These work great as employees typically expect and may look forward to receiving notifications and even emails at least once a year that fall into these categories.

Additionally, according to the latest Checkpoint’s Quarterly Brand Phishing report, it would be prudent to remind users to be suspicious of emails purporting to be from Microsoft, which accounted for 33% of all brand phishing attempts during Q4 2023. These fake emails requested recipients to verify their email address. Other brands to bolster user vigilance on are Amazon, Google, and Apple. For more details, check out the related posts at Cofense and Checkpoint.