
Security Awareness: Social Engineering Red Flags for the holidays

December 22, 2023
Cybersecurity Risk & Governance

Editor's note:

Cybercriminals have upped their game. Have you? Look out for these red flags so you don’t fall for cybercriminals’ tricks.


Email Phishing

Phishing is still the most common attack cybercriminals use to trick people.

Before reacting, always remember to check:

  • The subject line 
  • To, From, and Reply to lines 
  • Time and Date lines 
  • Links and attachments 
  • Urgency to action
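For teams that triage reported emails, the checklist above can be run as an automated first pass. The following is an added example, not Kora's own code. It covers the Reply-To, date, link, attachment and urgency checks, and the keyword list, risky extensions and 06:00 to 22:00 window are assumptions to tune locally.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr, parsedate_to_datetime

# Assumed heuristics (not from the article): tune all three for your own mail flow.
URGENT = re.compile(r"urgent|immediately|act now|final notice|within 24 hours", re.I)
RISKY = (".exe", ".js", ".scr", ".iso", ".html")
LINK = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>(.*?)</a>', re.I | re.S)
SHOWN = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)  # domain-like visible text

def domain(header):
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def red_flags(raw):
    """Return the checklist items that a raw RFC 5322 message trips."""
    msg, flags, body = message_from_string(raw), set(), ""
    for part in msg.walk():
        if part.is_multipart():
            continue
        if (part.get_filename() or "").lower().endswith(RISKY):
            flags.add("attachment")
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    if URGENT.search(msg.get("Subject", "") + " " + body):
        flags.add("urgency")
    reply_to = domain(msg.get("Reply-To"))
    if reply_to and reply_to != domain(msg.get("From")):
        flags.add("reply-to")  # replies would go to a different domain
    try:  # the Date header carries the sender's local hour
        if not 6 <= parsedate_to_datetime(msg.get("Date")).hour < 22:
            flags.add("date")
    except (TypeError, ValueError):
        flags.add("date")  # missing or unparsable Date header
    for host, text in LINK.findall(body):
        shown = SHOWN.search(text)  # visible text names one site, href another
        if shown and not ("." + host.lower()).endswith("." + shown.group().lower()):
            flags.add("link")
    return flags

def sample():  # constructed message for illustration, not a real phish
    m = EmailMessage()
    m["From"], m["Reply-To"] = "Billing <billing@shop.example>", "billing@shop-support.test"
    m["To"], m["Subject"] = "merchant@store.example", "URGENT: account on hold"
    m["Date"] = "Fri, 22 Dec 2023 03:12:00 +0100"
    m.set_content('<a href="https://login.pay.test/x">shop.example/verify</a>', subtype="html")
    m.add_attachment(b"x", maintype="application", subtype="octet-stream",
                     filename="invoice.pdf.exe")
    return m.as_string()

if __name__ == "__main__":
    print(sorted(red_flags(sample())))
```

A flagged message still needs a human look; the checks only surface the same cues a reader would check by eye.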

QR Codes 

QR code scams are on the rise and, unfortunately, here to stay. These codes can link to malicious websites and download spyware onto your devices.

Be sure to avoid scanning codes when you don't know their origin.


Ransomware

Cybercriminals attach ransomware, a type of malware, to links and attachments in emails. If clicked, it will lock users out of their systems.


  • Don’t pay that ransom! Paying the ransom does not guarantee you will receive your data back. 
  • Always double-check any links or attachments found in emails.

Social Media attacks

Oversharing on social media has made cybercriminal attacks more effective since the attacks can be more tailored to potential victims.

Be wary of: 

  • Profiles with model-like photos 
  • Profiles with few connections 
  • Generic profile information 
  • Direct messages that pose as government officials or claim copyright violations

Red flags are signs of danger or a problem. Protect yourself and your organisation from cybercriminals by being aware of these warning signs and knowing what actions to take to stay safe.

Other Common Red Flags

  • Someone you don’t know follows you or your co-workers inside the office.
  • Someone looks at your screen or watches what you type.
  • Social media connection requests from someone you don’t recognise.
  • Receiving an unusual request from someone you know.
  • Requests that offer you something in exchange for private organisational information. 
  • Unsolicited emails, phone calls, and voice or text messages.
  • Urgent requests to take an action.

How to protect yourself from social engineering

  • Pay attention to your surroundings and safeguard organisational information.
  • Keep confidential information and devices locked up/secured when not in use.
  • Don’t accept unsolicited requests; report them to the service. 
  • Contact the person directly to verify it’s legitimate.
  • Be cautious before sharing any personal or organisational information.
  • Follow your organisation’s security policies for handling suspicious correspondence.
  • Never act on emotion; take the time to verify that the request is legitimate.
  • Contact security about unknown individuals.

Red flags are everywhere. You just need to know how to spot them. This holiday season, remember to stop, look, and think before taking any action!