The holiday season is synonymous with intensive e-mail exchanges (greeting cards, promotions, partner messages). Unfortunately, it is also a time of increasing phishing attacks. These increasingly sophisticated threats target our customers and their partners.
Here are the essential points to keep you on your toes.
Recent trends
🤝 ❌ Phishing via compromised partners
In recent weeks in French-speaking Switzerlandseveral incidents have been detected in which fraudulent e-mails originated from legitimate partners, making the threat more credible.
📧 🚫 Encrypted attachments
Cybercriminals can sometimes use password-protected files to bypass spam filters. These attachments should be treated with extreme caution.
Advanced techniques: beware of the man-in-the-middle trap.
Today's cybercriminals use highly advanced techniques: they create login pages that are almost identical to the real thing, with the real Microsoft or even your company logo. This makes the trap very believable. But even if everything looks authentic, you still need to be vigilant!
Hackers create a fake authentication page that looks exactly like the real one. When you enter your login and password, then validate the double authentication (MFA), this information is retrieved by the hacker, who then reinjects it on the real Microsoft page. In this way, he gains access to your account without you even realizing it.
👉 The essential reflex: even if the page looks exactly like Microsoft's or your company's, always check the URL in the address bar. It's the best way to avoid this kind of trap.
Why vigilance is crucial right now ?
The end of the year brings a surge in incoming e-mails (Christmas cards, promotions), increasing the risk of a malicious message being opened. A single click can be enough to compromise sensitive data.
Our recommendations for enhanced safety
- Always check the URL before entering your credentials, even if the logo looks authentic.
- Pay close attention to location when validating MFA: a request from an unusual country is suspect.
- Treat encrypted attachments with suspicion and alert your IT support before opening an unexpected file.
- Contact your IT support team in case of doubt, especially for unexpected e-mails or those from partners.
- Check the identity of your contacts, even if they present themselves as known suppliers or partners.
Things to remember this holiday season
Cybersecurity is everyone's business. In these risky times, adopt these best practices and remain vigilant.
If you have any questions or doubts, please contact us immediately or your IT support.
