Phishing: Make sure your employees don’t swallow the bait this Christmas

Nibble the phishing bait and your Christmas could be ruined…

Bonfire Night has not even gone up in a blaze of glory and yet the focus of the retail world is well and truly on Christmas. The mince pies are already in the supermarkets and by the time you read this you could well have seen the Coca-Cola truck or the M&S advertisement.

Consider these stats:

  • This Christmas, online spending is set to exceed £13 billion according to Sage Pay.
  • In the UK last year, 61% of people did at least half of all their Christmas shopping online. This is only set to increase.
  • A recent Econsultancy report stated that this year, 95% of online shoppers will use companies’ click-and-collect services.
  • eBay expected 2.7 million Christmas-related searches in August. (August, people!)
  • Some e-commerce businesses achieve 80% of their total annual revenue during the Christmas period.

Christmas is big business for everyone… including cyber criminals.

With such a massive increase in online activity, cyber criminals love Christmas. And one of the most popular means of attack at this time of year is phishing. Phishing attacks try to acquire sensitive information like email addresses, passwords and card details by masquerading as legitimate organisations. Individuals are duped into clicking on links in emails or entering their details on what they believe to be legitimate websites.

A quick example taken from last Christmas (sing along if you like):

Last Christmas I gave you my card details.
The very next day you gave them away.
This year, to save me from tears,
I’ll give them to someone with an https website that I know is legitimate, I will use a secure computer and I won’t have that extra glass of wine before going online and being a little care-free in where I click and who I order from.

And now, the example…

You receive a confirmation email from PayPal (usually for a small amount) for an item that you know you didn’t purchase. Was it your partner? Your children? The next thing you know you’re clicking on the ‘cancel payment’ button and are required to enter your email address and password to cancel the payment.

Hook, line and sinker. It’s that simple.

Organisations are also at an increased risk from these types of attacks. The same method can be used to encourage unsuspecting workers to download malware, viruses and Trojans onto computers and networks. For organisations, it is essential that staff are aware of the dangers and that they have secure systems and networks in place.

So here are some tips to stay safe this Christmas:

For consumers:

  • Ask yourself: “Does this look authentic?”
  • “Did I buy something from”
  • Be careful where you click. Does this site use https?
  • Ask yourself: “Why am I being asked to click here?” If you’re not sure, don’t click!

For organisations:

Don’t nibble the phishing bait. Stay safe this Christmas.


IT Governance provides fixed-price CREST-accredited testing services that can be deployed by any organisation looking for better protection.

To help organisations prepare for the increased cyber threat during the Christmas period, book our Combined Infrastructure and Web Application Penetration Test – Level 1 and we will carry out an email phishing campaign to test staff awareness free of charge.

Find out more about how this offer will help protect your business this Christmas and maximise your sales opportunities.

