Cyber Monday phishing scams could affect the workplace

If you’re like me, then the idea of fighting the midnight crowds on Black Friday holds limited appeal, even if it means getting an 80% discount on a big screen TV. But thanks to Cyber Monday, people can get ridiculous deals without peeling themselves away from their computers – or offices.

The convenience of scoring a deal from your desk has made the Monday after Thanksgiving the biggest online shopping day of the year, with sales expected to top $2 billion. However, just because we no longer have to risk being trampled, shouted at, or otherwise sacrifice our dignity to get a hot deal, it doesn’t mean that Cyber Monday is entirely safe, and enterprise networks are not immune from the dangers.

Unlike Black Friday, Cyber Monday occurs during the workweek, which means much of the bargain hunting will occur during work hours, and across enterprise networks. These scams may be targeting consumers, but criminals are still trying to use them to gain access to corporate networks and the sensitive information they contain.

Cyber Monday’s proximity to the Thanksgiving holiday makes it even more dangerous for enterprises. Thanksgiving is one of the heaviest phishing days of the year, as phishers take advantage of understaffed operation centers to send out phishing attacks at a rate 336% greater than average, meaning that when employees are sifting through their emails on Cyber Monday, there’s a much greater chance a phish will be waiting for them.

If Black Friday has taught us anything, it’s that people will do crazy, unruly, outlandish, unspeakable things to score a sweet deal on a pair of Ugg boots or a set of new power tools. An online deal is no different, and many normally rational people will abandon caution when an email with a link to a deal for a $99 Xbox crosses their inbox.

The danger in online shopping is also no longer confined to computers. According to McAfee, Americans are using mobile devices for shopping in ever-increasing numbers, with 1 in 4 Americans planning to shop using a mobile phone or tablet this holiday season. With many organizations adopting Bring Your Own Device (BYOD) policies, mobile phishing scams pose a great risk to companies as well, as that text offering a coupon by clicking a link could open the door to the company’s network. In fact, the FBI issued a warning about mobile malware just a few weeks ago. Add to that the growing number of malicious links and scams being sent over social media, and employees are never far from a phishing scam.

In an ideal world, employees would never use a corporate machine or network to conduct personal shopping. In the real world, however, the best defense is an educated workforce that can properly recognize and react to a phishing scam. The good news is that whether it’s Cyber Monday or any other major event that attracts phishing scams, the same rules for staying safe apply. Will your workforce be ready?

What Trend Micro's research means for organizations
Presidential Phishing Scams: Examining Voter Vulnerability