Phish for the Holidays-The Gift that Keeps on Giving or Taking?

By Peter Bernstein December 09, 2013

For many of us of a certain age the wildly original American improvisational rock band Phish is the gift that has kept on giving since the band was formed in 1983.  For those uninitiated, or merely curious, here is a link to their YouTube channel where the current featured track is “Wombat” as performed 10/31/13 at Boardwalk Hall in Atlantic City, NJ. Clicker alert:  Phish is an acquired taste.

With that as a segue the purpose here is to serve as a public service warning.  It is to alert you to Phishes that you should not acquire, or even taste. I am referring obviously to the online malicious act of “phishing.”  By now it is all too familiar to all of us since we have likely been victimized.  Somebody contacts you online masquerading (typically these days very well unfortunately) as a trustworthy entity and we willingly had over personal information like passwords and credit card numbers only to find out our identity has be stolen. This quickly can become the gift that keeps on taking.

The holiday season unfortunately is when those with malicious intent are at their phishiest. After all, successful phishing is a function or exploiting human emotions—fear, greed, anxiousness, curiosity, compassion, getting a good deal—and there is no time of year like the holidays for these emotions to be available for manipulation. 

Believe it or not, phishing knows no bounds. In short, you can be hooked not just at home, but increasingly at work as the bad guys use exploits to gain access to sensitive corporate information and not just to compromise individual easy marks.  In fact, security firm PhishMe, vice present Scott Greaux is out with a nice blog about holiday themed phishing attacks. 

And, while Greaux’s message should resonate all year long regarding the need to educate your employees to be mindful of “E”verything, the presentation of the holiday baddies is reason enough for a brush up on best practices. 

So here you go on exploits to be aware of.

Holiday e-card:   


 Short, sweet and very effective it turns out. Who does not like getting season’s greetings and discounts with participating merchants?

 Equally as effective is getting enticed with a fake invite to your own holiday party as illustrated in the following example.

And, there is the always popular, you have a package waiting scam.

Greaux also warns that inside the enterprise a lots of avenues of mischief to be exploited in terms of getting you to click.  This includes such things as emails about your end of year PTO balance, expense reports and other year-end information status requests/demands. Plus, whether at work or online at home, your inbox this time of year is filled with charities seeking money and all types of travel alerts. 

This may be the season to be jolly and charitable but it is also clearly the season to be careful.  I think I will leave my Phishing to the music variety on trusted links to YouTube or downloads from trusted sites, and leave the rest to a combination of my spam filer and delete button.  The big thing to keep in mind is once you click open, you may have opened an attack, and that is something that can be a lot worse than the smell of rotting fish. 

Edited by Cassandra Tucker
Related Articles

10 Benefits of Drone-Based Asset Inspections

By: Frank Segarra    1/15/2018

Although a new and emerging technology, (which is still evolving), in early 2018, most companies are not aware of the possible benefits they can achie…

Read More

VR Could Change Entertainment Forever

By: Special Guest    1/11/2018

VR could change everything from how we play video games to how we interact with our friends and family. VR has the power to change how we consume all …

Read More

Making Connections - The Value of Data Correlation

By: Special Guest    1/5/2018

The app economy is upon us, and businesses of all stripes are moving to address it. In this age of digital transformation, businesses rely on applicat…

Read More

3 Ways to Improve Your VR Projects

By: Ellie Martin    1/4/2018

There is no denying that VR is here and will most likely only increase in velocity as a terminal speed is yet to be even hypothesized. That is why it …

Read More

Alphabet to See Schmidt Step Down

By: Maurice Nagle    12/21/2017

In 2001, Google brought Eric Schmidt on board as CEO. To 10 years later become executive chairman, and continue to serve in this capacity through rest…

Read More