Gone Phishing

The pandemic is behind us and the oft-predicted recession is yet to materialize.

Taken together, workers are planning vacations this Summer at record-breaking levels.

We’re tired, we’re working hard, and we can’t wait to put up that symbolic “gone fishing” sign. To get the most fun from your well-deserved break, remember that cybercriminals see your vacation as a “gone phishing” opportunity. 

Specific to the workplace, there are two types of phishing that can trick employees when vacation is on their minds: 

1. Email Phishing: Watch out for emails that appear to come from a trusted source, like your bank or credit card company. Always check the email address of the sender carefully. Don’t click on links or reply with personal information. If it might be legitimately important, log on to the website or call the sender using the contact information you already have.  
2. Out-of-Office Phishing: It’s easier to get fooled by an urgent message from the office when you are sitting on the beach. Attackers take advantage of employees being out of the office to send phishing emails impersonating senior executives or HR personnel asking for urgent action or sensitive information. Always verify such requests by calling your office. Click here for a deeper dive into Business Email Compromise. 

Then there are the scams we need to keep in mind when taking vacation regardless of our workplace situation:

1. Rental Scams: This type of phishing attack involves the use of fake vacation rental listings. Cybercriminals can create these listings to get people to pay for accommodations that don’t exist. Always verify the legitimacy of any rental listings you come across. 
2. Wi-Fi Scams: Free public Wi-Fi can be a breeding ground for phishing attacks. Always use a secure, private network when you’re sharing sensitive information like credit card numbers or personal identification. Avoid logging into your work email or other sensitive accounts from unsecured public Wi-Fi networks. Never do online banking when you are using a public Wi-Fi connection. 
3. Restaurant Reservation Scams: It is very common for restaurant websites to use OpenTable™ or Resy™ when a visitor makes a reservation. So, we are used to getting emails from companies like this. Phishing versions of these emails are dangerous because it can seem logical that you might be asked for credit card information. But, these systems don’t do that. It’s phishing.
4. Travel Scams: Fake travel deals or booking confirmations are common during the holiday season. These may appear as special discount offers or notifications about changes in your flight schedule. Be suspicious of any email asking you to urgently confirm or cancel your reservations. These messages are hoping to capture your login information. 

We all deserve a vacation where we can let go of everyday stress. The old saying “gone fishing” means we are out of touch for the moment and we all deserve a chance to disconnect. So, just stay vigilant and remember that “gone fishing” means “go phishing” for the bad guys.