Summer phishing trip

by Jon Lober | NOC Technology

When you go on vacation, scammers go to work.

How cybercriminals take advantage of summer travel to steal your money and information.

As a managed service provider, we are confronted with unceasing reminders of the very real threat of cybercrime. As we work with our customers to protect their organizations, we often get front row seats to phishing attempts.  One of NOC’s customers recently informed us that they were the target of a typical summertime phishing scam. Here is how it played out. 


The CEO was out of the office for their annual June vacation. While she was gone, the CFO and one of the organization’s administrators received an email from her requesting them to change her payroll deposit information to a new account. Thanks to their awareness training, they double-checked the sender’s email address and immediately saw that it had been spoofed—avoiding a painful loss of deposits to the scammer. 


This type of scheme is extremely common—and often successful since utilizes several effective social engineering techniques: authority (the email appeared to be from “the boss”), a break in routine (the CEO was on vacation), and inside information (the scammer knew that the CEO was out on vacation). 


It is not clear how the scammer became aware of the CEO’s travel schedule, but they were certainly prepared to strike as soon as she left the office. Summer vacation season in the United States disrupts business as usual for most companies, and cybercriminals have learned to take advantage of the opportunity. 


As you travel, or prepare to travel this summer, we want you to be prepared. We will start by looking at a few popular frauds that are making the rounds this summer in addition to some red flags for detecting them and methods to protect yourself. 


Popular Summer Scams


1. Rental scams

Unfortunately, cybercriminals have figured out that you are worried about inflation’s impact on the cost of your vacation. Travel website Hopper is seeing people return to check prices 50% more than previous years, and McAfee reports that 35% of vacation planners intend to use sites that they have never used before to check for deals. This opens the door for opportunistic scammers to steal your information through false or compromised sites. This includes hotels, air travel, resorts, and especially rental properties. 


If you are one of the half-billion people who stayed at an Airbnb last year, you understand the background stress that can nag at you prior to check-in at a rental. Will you be able to find it? Will it be in decent shape? Will you be able to get inside? Fortunately, mainstream sites like Airbnb and Vrbo are pretty reliable. 


Would-be scammers use other sites or attempt to pull you away from those legitimate, reliable sites towards other web pages where they can steal your information or your money. Scammers take advantage of your quest for a great deal by leading you away from mainstream sites to book you at a nonexistent property, request a sizeable deposit for a fake stay, or offer to hold your money in an escrow account until you can see the property for yourself (which you never will). 


You can avoid these headaches with a few simple safeguards. Stick to reputable rental and booking websites and do not navigate away from them at any point for additional information or to make payment. Only message through the dedicated platform (do not text or email off the main website). If you doubt the veracity of a specific location, you can try to call to talk with a real person and see if they know the area they claim to represent. 

 

2. Business Email Compromise (BEC) vacation schemes

As we mentioned in our introduction, we see BEC attacks with increasing frequency. In fact, the everyday economic impact of BEC far outweighs the costs of ransomware attacks. The attacks are far easier to carry out than more technical methods, and the payoffs can be enormous. Another common example is the case of Patricia Reilley. 


Scammers impersonated Reilley’s boss while she was on vacation, requesting that Reilley make a sizeable transfer from one account to another in her absence. Reilley’s compliance resulted in the loss of $138,000 and her job. To add insult to injury, Reilley’s employer also sued her for losses resulting from the scam, though a judge eventually cleared her of liability. 


Once a cybercriminal has done their research and engineered a phishing attempt, technology cannot protect against the outcome. Humans are the last line of defense in this type of scam—and the most vulnerable. 


Employee awareness training can prevent most such phishing attempts. Our opening story in this article is only one of many we see annually. BEC threats are a constant part of the business landscape now. If you have not yet confronted such an attempt, you will. 


However, with ongoing awareness training, employees can increase their defense against BEC attacks and help you to avoid financial disaster. Phishing simulations can heighten sensitivity to this type of cybercrime. In such a scenario, a cybersecurity professional sends “benevolent phishing” emails to your staff to determine how many of your employees are likely to fall for BEC. 


Once you have your initial results, a cybersecurity professional or MSP (Managed Services Provider) can work with you to reduce the click rate through targeted training and regular simulations to keep employees sharp. 


3. Human Resources PTO-request scams 

This one is a bit newer in the cybercrime landscape, but it is already leaving a mark on afflicted businesses. 


Many companies try to prevent employee vacations from overlapping so that they do not end up short-staffed at a critical moment. Phishers are now taking advantage of this fact through a cruel scheme that preys on an employee’s inherent trust of HR communications and desire for a timely vacation.   


In this fraud, a cybercriminal sends an email to employees that appears to be from the company’s HR department, requesting that the employee enter their request for vacation time. When the employee follows the link and tries to sign in on the compromised page, the scammer steals the login information. 



Avoid falling prey to this scheme by following email security best practices. Examine the sender’s actual e-mail address. Hover over the file path of any links to make sure they match what is communicated and seem legitimate. Consider whether the tone and language of the email matches normal HR communications in your business. 

Tech upgrades that will boost employee safety in sheltered workshops
By Jon Lober April 15, 2025
At NOC Technology, we've worked with Missouri sheltered workshops for over seven years, and I've witnessed firsthand how the right technological implementations can transform sheltered workshop environments. Today, I'd like to share some insights on leveraging modern technology to create safer workspaces while maintaining the dignity and privacy of all participants. The Unique Safety Challenges of Sheltered Workshops Sheltered workshops provide valuable employment opportunities for individuals with disabilities, but they also present unique safety considerations. Workers may have varying levels of physical mobility, cognitive processing, and sensory perception—all of which can impact how they respond to traditional safety measures. Additionally, the production environments often involve machinery, tools, and materials that require careful monitoring and management. The Role of Smart Technology in Safety Advancements in smart technology provide real-time safety monitoring, immediate alerts for potential hazards, and improved emergency response times. Let’s explore some key technologies and their benefits in sheltered workshop environments. Personalized Alert Systems Traditional emergency alarms can be overwhelming for individuals with sensory sensitivities. Smart alert systems can deliver personalized notifications through: Vibrating wristbands that alert workers without auditory overload Visual notification systems with customizable colors and patterns Tablet-based communication for workers who benefit from visual cues Location-specific alerts that only notify those in affected areas We recently implemented a multi-modal alert system at a workshop in central Missouri that reduced anxiety-related incidents during emergency drills by 65% . Environmental Monitoring Maintaining optimal environmental conditions is crucial for both safety and productivity: Temperature and humidity sensors that automatically adjust HVAC systems Air quality monitors that detect potentially harmful particulates Noise level monitoring to prevent sensory overload Automated ventilation systems that activate when chemical levels exceed thresholds These systems not only protect workers but also provide documented compliance with OSHA regulations. Enhanced Supervision through Smart Cameras Security cameras have evolved beyond simple surveillance. Modern systems can: Detect unusual patterns that might indicate a worker in distress Monitor restricted areas without constant staff presence Identify when machinery is being used incorrectly Alert supervisors to potential safety hazards Important note: All camera systems should be implemented with strict privacy protocols and transparent policies. Workers and guardians should be fully informed about what is being monitored and why. In many cases, audio cannot be recorded, and the camera system must be configured to meet this requirement. Wearable Safety Technology Wearable devices offer personalized safety monitoring without stigmatization: Fall detection pendants that automatically alert staff Location tracking that helps locate workers in emergency situations Biometric monitoring for workers with health conditions Proximity sensors that prevent accidental entry into hazardous areas These wearables can be designed to look like standard ID badges or watches, preserving dignity while enhancing safety. Implementation Best Practices Successfully integrating smart technology into sheltered workshops requires careful planning: Involve all stakeholders: Workers, guardians, and staff should participate in selecting and implementing new technologies. Prioritize simplicity: Choose solutions that require minimal training and maintenance. Phase in gradually: Introduce new technologies in stages to allow everyone time to adapt. Balance automation with human oversight: Technology should supplement, not replace, trained staff. Respect privacy: Collect only essential data and maintain strong security protocols.
Could your sheltered workshop benefit from grant funding for new technology?
By Jon Lober April 7, 2025
As a sheltered workshop, you play a crucial role in providing meaningful employment opportunities for individuals with disabilities. However, like any organization, securing funding for technology upgrades can be a challenge. While investing in the right tools can improve efficiency, security, and overall productivity—that’s all only if you can afford the tools in the first place.
best office pranks for April Fools 2025
By Jon Lober March 31, 2025
Need April Fools pranks for your office? This list is technically harmless, but great fun. Happy pranking!
More Articles