A lesson on phishing from Wham!’s “Last Christmas”

Is Wham’s “Last Christmas” secretly about falling for a phishing scam? No, of course not, but it does have some surprisingly effective parallels.

The 1984 hit tells the story of someone who lets their guard down at Christmas, trusts someone they shouldn’t and loses something they treasure. This is exactly what phishing scams try to do – and whether it’s personal relationships or cyber security, Christmas is a vulnerable time for all of us.

Last Christmas, I gave you my name and bank details

Christmas is practically synonymous with generosity and giving. It’s the time of year when we’re the most positive versions of ourselves, buying each other presents, spending time with loved ones and vowing to change our bad habits. We buy into the myth of Christmas that everyone has each other’s best interests at heart and nothing bad can happen.

But as George Michael learned to his cost, however generous we are, we can never be sure our kindness will be reciprocated.

So when you receive an email ostensibly from a charity asking you to give a donation, you should think twice before handing over your money. There’s a good chance that it isn’t a charity at all, and the person you handed over your information to will give it away – or, rather, sell it on the dark web or use it to make fraudulent purchases.

But Christmas isn’t just about generosity. It’s also about endless chores and stress, and cyber criminals use phishing scams to exploit that. At work and at home, your email addresses are often flooded with emails from shipping companies as you rush to send and receive packages before Christmas. However, there’s a good chance that some of those are phishing scams.

A typical scam will tell you that your order can’t be shipped, and you need to click on an attached link and re-enter your personal details. Alternatively, hackers might include a malicious attachment that purports to be a receipt or other important document.

This year, to save me from tears, I’ll enrol on a phishing staff awareness course

Victims of phishing emails, like George Michael (and, to a lesser extent, Andrew Ridgeley), will learn how harmful a few careless whispers can be. But whereas that lesson needs to be learned first-hand when it comes to love, there’s an easier way for those concerned about phishing: staff awareness courses.

Our Phishing Staff Awareness Course shows your employees how phishing works, what to look out for and how to respond when they receive a malicious message. It’s ideal for all employees who use the Internet or email in their day-to-day duties and, as such, it’s delivered in simple terms that everyone in your organisation can understand.

Feeling extra vigilant? Purchase our December book of the month, Security in the Digital World, or book an Infrastructure (Network) Penetration Test before 22 December to save 10%.