Cybersecurity

CISO Insights – December 2024

Tips for Keeping the Holidays Cyber Safe

The holiday season is a prime time for cybercriminals to exploit businesses and individuals alike. It’s a time when most of us are distracted with festivities, deadlines and other priorities. We balance year-end tasks with holiday plans, leading to reduced security awareness. This divided attention makes it easier for cybercriminals to succeed in their malicious activities — and it’s working. According to USA Today, the cost of cybercrime could reach a massive $9.5 trillion in 2024.

As you prepare for the holiday season, be sure to remain cautious and aware of cyberactivity, and enjoy this seasonal poem.

Keep this holiday season “happy” by staying cybersafe at work and at home. Cybercriminals use this festive (yet sometimes hectic) time of the year as their opportunity to prey on holiday distractions, your goodwill and increased online activity.

Three tactics cybercriminals use to target and manipulate you, red flags to watch out for and what to do if you suspect you’re being scammed:

Phishing (email scams)

• What it is: Emails that look like they’re from a trusted sender, like a brand or retailer, offering fake deals, shipping notifications or holiday giveaways. They often include malicious links or attachments designed to steal your personal information or infect your devices with malware.

• Red flags: Urgent or alarming messages, suspicious links or attachments, requests for personal/sensitive information.

• What to do: Don’t click on any links or respond to the sender. If it appears to be from a legitimate organization, independently obtain their official contact information or website and contact them directly — don’t use any of the information in the email. If it’s a phish, be sure to report the phish through the Report Phish button (work) or your email provider (personal).

• For more information review: Flight confirmation scams, gift card scams, holiday shopping scams, popular event scams, remote support scams, travel-related scams, fake invoice scams.

Smishing (text message scams)

• What it is: Text messages that impersonate legitimate senders, such as delivery services, banks or retailers, alerting you of an “urgent” issue, like package delivery or account issues.

• Red flags: Unsolicited or unexpected text messages, links to unfamiliar or suspicious websites, requests for personal or financial information.

• What to do: Don’t click on any links or respond to the sender. Even if it appears to be from a legitimate organization, independently obtain their official contact information and contact them directly — don’t use any of the information in the text message. If it’s a smish, be sure to report the smish to your mobile carrier. If the sender is impersonating someone from Houston Methodist, call the IT Service Desk immediately.

• For more information review: Smishing Lures.

Vishing (voice call scams)

• What it is: Phone calls where scammers pose as customer service agents, charity representatives, etc., tricking you into revealing financial information or account credentials.

• Red flags: Unsolicited or unexpected calls, urgent or high-pressure tactics, requests for personal/sensitive information or payments.

• What to do: Don’t provide any information over the phone. Legitimate organizations won’t call you to ask for this information over the phone. The caller may try to pressure you — stay calm and hang up. Don’t engage in any further conversations. Independently obtain the organization’s official contact information and contact them directly — don’t use any of the information provided by the caller. Be sure to report the vish to your mobile carrier. If the caller is impersonating someone from Houston Methodist, call the IT Service Desk immediately.

• For more information review: Who’s Really on the Line and Does this Call Seem Suspicious.