
Cyberattacks

Top tips: Wishing you a vishing-free holiday season with 3 ways to avoid vishing attacks

Top tips is a weekly column where we highlight what’s trending in the tech world and list ways to explore these trends. This week we’re looking at three ways you can avoid falling victim to a vishing attack. Huge discounts, massive promotional campaigns, and a cheerful festive spirit—the holiday season is officially in full swing! ‘Tis the season of joy and giving, but it looks like some people may have missed the memo.

TEMU phishing attacks using spyware up 112% in the run-up to Christmas

With TEMU the most downloaded app in the world right now, the number of TEMU impersonation emails has increased by 112% since October 1st, 2023. As discounts and spending-based reward coupons form a substantial part of TEMU’s awareness campaigns, the company is reportedly spending $2bn annually on marketing. As the brand continues to grow in popularity, cybercriminals are increasingly leveraging it to lend authenticity to their spoofing attempts.


What are the top cybersecurity trends to look out for in 2024?

As 2024 fast approaches, organisations are looking back on the past year to try and gain some insight into what the next 12 months could hold. This past year has been particularly interesting in the world of cyber security, with ransomware and data breaches dominating the headlines, the rise to prominence of AI strengthening cybercrime's arsenal, and the shift of focus to cyber resilience causing businesses to question what comes next for the industry.

Cyber Crime Surge: Unmasking Employee Collusion and Modular Attack Chains || Razorthorn Security

In the evolving landscape of cyber threats, a seismic shift has occurred over the last couple of years. Join us in unraveling the intricate web of cyber crime as a service, where operators entice employees into collusion by dangling lucrative financial incentives. This phenomenon has contributed to a staggering rise in organized cyber attacks.

Protecting your SDLC from a supply chain attack

Did you know that nine out of 10 companies detected software supply chain risks in the past 12 months? The increase in the number of dependencies in a supply chain has extended the attack surface for adversaries. It has also caused threat actors to shift their focus from the downstream chain affecting just end users to the upstream chain affecting vendors, customers, and end users alike.

The risk behind QR codes, how to protect your business against quishing attacks

Cybercriminals are increasingly using QR codes in their phishing campaigns to trick users and obtain their email account information, credentials, or sensitive data. This tactic, known as quishing or QR code phishing, was first observed at scale in May of this year, when a group of cybercriminals spoofed Microsoft security alerts asking employees across multiple industries to scan a QR code to update their account security settings.

The Effectiveness of Cybersecurity Awareness Training

A recent article from The Hacker News highlights the challenges and significance of cybersecurity awareness training within organizations. As companies budget for 2024, many are allocating funds for employee security awareness training. However, the effectiveness of such training has come into question, given the behaviors in the workplace including phishing attacks and social engineering.

Unique Malware Used in Cyber Attacks Increases by 70% in Just One Quarter

As more cybercriminal gangs continue to enter the game, the massive increase in unique types of malware means it will become increasingly difficult to identify and stop attacks. BlackBerry just put out their Global Threat Intelligence Report in November, covering June through August of this year. According to the report, the number of attacks identified and stopped in the three-month period covered equates to an average of 26 attacks per minute.

SLP Denial of Service Amplification - Attacks are ongoing and rising

The Service Location Protocol (SLP), as defined in the RFCs, is vulnerable to abuse, allowing attackers to use it as a powerful reflective denial-of-service amplification vector. Earlier this year, Bitsight and Curesec published joint research on this flaw, tracked as CVE-2023-29552, which details the issue as well as its global impact and exposure.

What Is an Email Account Takeover Attack?

An email account takeover is a type of account takeover attack in which a cybercriminal gains unauthorized access to a user’s email account. Cybercriminals can gain access by stealing your email’s login credentials or finding them on the dark web. When a cybercriminal has gained access to your email account, they can lock you out of your account, monitor your activity, access your sensitive information, take over other accounts and impersonate you.