Catches of the month: Phishing scams for December 2021

Welcome to our December review of phishing scams, in which we look at the latest tricks that cyber criminals use to scam people.

This month, we delve into the clever tactics that attackers used to target IKEA employees, summarise the Christmas-themed attacks you need to look out for and discuss a report warning of a thriving new attack vector.

IKEA ensnared in reply-chain attack

IKEA found itself battling a sophisticated phishing attack last month, after cyber criminals targeted employees using compromised reply-chain emails.

These attacks occur when criminals compromise an email account and use it to reply to a message in an existing conversation thread.

The bogus message works in the same way as traditional phishing, with the attacker including a malicious attachment or a link to a fraudulent site. However, because the email is part of an ongoing chain, there is less reason for recipients to believe that the sender’s account has been compromised.
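Because the reply comes from a genuine, known mailbox, sender checks alone will not catch it; what a defender can look for is what changes inside the thread. The following detection heuristic is an added example, not code from the article or from IKEA: it builds a constructed three-message thread and flags a reply that introduces a link domain nobody in the conversation has used before, or the thread's first attachment. All addresses, domains and file names are made-up placeholders.

```python
import re
from email.message import EmailMessage
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def make_msg(sender, msg_id, text, in_reply_to=None, attachment=None):
    """Build a constructed EmailMessage; attachment is (filename, bytes) or None."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Message-ID"] = msg_id
    if in_reply_to:
        msg["In-Reply-To"] = in_reply_to
    msg.set_content(text)
    if attachment:
        name, data = attachment
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

def link_hosts(msg):
    """Set of hostnames linked from the plain-text body of a message."""
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    return {urlparse(u).hostname for u in URL_RE.findall(text)}

def suspicious_reply(reply, earlier):
    """Reasons a reply in an existing thread deserves a closer look.
    The sender is a known correspondent, so only changes in the thread
    are usable signals: a link to a domain not seen earlier in the
    conversation, or an attachment where the thread had none."""
    reasons = []
    if not (reply.get("In-Reply-To") or reply.get("References")):
        return reasons            # not a reply: ordinary phishing checks apply
    known = set().union(*(link_hosts(m) for m in earlier))
    for host in sorted(link_hosts(reply) - known):
        reasons.append(f"new link domain in thread: {host}")
    thread_had_files = any(list(m.iter_attachments()) for m in earlier)
    if not thread_had_files and list(reply.iter_attachments()):
        reasons.append("first attachment in this thread")
    return reasons

# Constructed sample thread: two genuine messages, then a reply from the
# supplier's (hypothetically compromised) mailbox carrying a new link and a file.
THREAD = [
    make_msg("buyer@example.com", "<1@example.com>",
             "Can you confirm the delivery date? https://supplier.example/portal"),
    make_msg("sales@supplier.example", "<2@supplier.example>",
             "Yes, it ships Monday.", in_reply_to="<1@example.com>"),
]
REPLY = make_msg("sales@supplier.example", "<3@supplier.example>",
                 "Updated invoice attached, see https://pay.invalid/inv",
                 in_reply_to="<2@supplier.example>",
                 attachment=("invoice.xls", b"constructed placeholder"))
```

Run `suspicious_reply(REPLY, THREAD)` to see both reasons reported, while the genuine reply `THREAD[1]` checked against `THREAD[:1]` yields none.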

BleepingComputer reports that IKEA is warning employees about ongoing reply-chain attacks, and has said the messages are also being sent from other compromised business partners.

An internal email to IKEA staff

“There is an ongoing cyber-attack that is targeting Inter IKEA mailboxes. Other IKEA organisations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter IKEA,” an internal email said.

“This means that the attack can come via email from someone that you work with, from any external organisation, and as a reply to an already ongoing conversation. It is therefore difficult to detect, for which we ask you to be extra cautious.”

Prepare for Christmas scams

Many people will already be in full Christmas cheer, with decorations up and presents wrapped. But for the rest of us, December marks the beginning of the holiday season and the point at which we turn our attention to holiday planning.

But as happens every year, cyber criminals use our eagerness against us with a series of scams.

One scheme that shoppers must look out for involves bogus adverts on online marketplaces. Social media trading pages and auction websites typically aren’t subject to the same regulations as standard e-commerce sites, making it easier for people to scam customers.

The most common type of scam occurs when a criminal posts an advert for a product that they don’t actually own or have no intention of selling. Someone pays money for the item and the sale goes through a third-party system, such as PayPal.

By the time the purchaser becomes suspicious that their package hasn’t arrived, it’s too late: the seller has closed their account and created a new one.

Another scam that you see often at Christmas is the bogus order confirmation email, such as this one:

Source: Action Fraud

The message might include an expensive item that you have apparently purchased, enticing you to follow a link to alert the retailer to the mistake.

Alternatively, the message may trick you into clicking the link by giving you a delivery date after Christmas. This is clearly a problem if you want to give the item as a gift, so you would be tempted to follow the link to cancel your order.

By following that link, you are sent to a bogus website that’s made up to look like the retailer’s login page. When you enter your credentials, you are handing them to the cyber criminals, who now have control of your account.

Watch out for the rise in mobile scams

Mobile-based Christmas scams are quickly becoming a major issue, according to research by Proofpoint.

It said that the volume of phishing scams conducted by text message – also known as ‘smishing’ – has almost doubled compared to this time last year.

The messages are Christmas-themed, offering services such as gift deliveries and promoting special offers at retailers.

“There has been a trend the past few years of scams and smishing related to the holidays and holiday themes in the fourth quarter of the year,” said Jacinta Tobin, Proofpoint’s global vice president of Cloudmark operations.

“We have seen steady growth both from our U.S. and global scam and smishing reports starting in October and increasing through December,” she added.

Can you spot a scam?

Make sure your staff know how to identify and avoid scams with our Phishing Staff Awareness Training Programme.

This 45-minute course uses examples like the ones above to explain how phishing works, what to look out for and the steps you should take to avoid falling victim.