Merry Christmas my dedicated readers. I cannot believe the holidays are upon us and that 2022 is about to end. This was another year of growing cybersecurity challenges and we have been working hard to protect our organization and each other. This cyber battle is not going to end so we have to remain vigilant, informed, trained and aware.

I only have one article this holiday Cybersecurity Friday, but it is a good one. We also have a fun iPhone tip and of course - yet another reported data breach.

According to the Federal Bureau of Investigation, phishing attempts greatly increase in scope during the holidays. It's not just me sounding this alarm but the FBI as well. 

Here are six “red flags” that should trigger phishing alarm bells in your head, broken down by where you might find them in your inbox.

1. FROM

Start with the email’s sender. Do you recognize the email address as one you’ve communicated with in the past?

Check the email address and URL for misspellings that might be easy to miss at a quick glance, like “micorsoft-support.com,” Mitnick says. Those are likely from a scammer who’s hoping you won’t look too closely.

If you don’t know the sender personally, and they haven’t been vouched for by someone you trust, proceed with caution.

2. TO

Look closely at any other recipients of the email: Scammers will sometimes spam multiple email addresses at once to save time, Mitnick says.

If there are other recipients listed on the email and you don’t recognize any of their email addresses — or if they all have names that start with the same letter as yours — that’s another potential red flag.

3. Hyperlinks and attachments

If you’re suspicious of an email, be wary of clicking on any links contained in the message.

You can try to confirm your suspicions by hovering your mouse over the hyperlinks to see where they’d lead. If the URL that pops up is from a different website than what the email claims, or it contains misspellings of a known site, that’s a “big red flag,” says Mitnick.

Another red flag: if the email contains an unexpected attachment, or an attached file that seems unrelated to the subject of the email. Don’t click links or download attachments unless you are absolutely sure they’re legitimate.

4. Date

If you receive a "work email" sent outside of regular business hours — like 3 a.m. — and it’s not from someone who you work with be extra cautious.

5. Subject

Be suspicious if the email’s subject line is irrelevant or doesn’t match the message in the body of the email.

6. Content

Be on the lookout for messages attempting to get rise out of you, either by offering something of value for free or threatening negative consequences. Around the holidays, that could mean a free gift offer or a message from a retailer or your bank claiming that one of your purchases didn’t go through, and you need to re-enter your credit card information.

Scammers often try creating a “sense of urgency” to get you to ignore other suspicious signs and comply with their requests, Mitnick and other cybersecurity experts note.

Be extra suspicious if the email is unexpected or unusual looking, perhaps with poor grammar and spelling mistakes. Representatives of a major retailers or financial institutions are likely to only send highly polished messages.

This Data Breach pains me - it really does. I am not concerned that much but I have to ask myself, why? why? LastPass you should be better than this.

LastPass Data Breach

Password manager Lastpass has told some customers that their information was accessed during a recent security breach. According to LastPass, however, no passwords were accessed by the intruder. This is not the first time LastPass has fallen victim to a breach of their systems this year – someone broke into their development environment in August, but again, no passwords were accessed.