The holidays can be a lonely time for people without family. Hackers and scammers know this and take advantage by targeted vulnerable people. Beware of unsolicited emails and text messages containing clickable links. Often, they are socially engineered by hackers to hit your pain points or pique your interest. The practice is known as “Spear Phishng” and amounts to fraudulent emails and text messages ostensibly from a known or trusted sender to induce targeted individuals to reveal confidential information. The goal is usually to get the user to click the link to gain persistence to the targeted device (usually the user’s phone or computer).
“Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim’s email, files and contacts — even after the victim has changed their password.”