The Dangers Of Scam Emails During The Holiday Season

It’s the most wonderful time of the year! The holidays are a time of family, good food, and giving gifts to those we love. However, it’s also the time of year that scammers take advantage of your good cheer. When we did our Christmas shopping at malls and department stores, we didn’t have to sift through dozens of emails stating our order was confirmed or our order had shipped. Now, we rely on our emails to keep track of nearly every gift we give, and cybercriminals know this. So in between sending your season’s greetings, you also need to stay vigilant.

What is a scam or phishing email?

Scam and phishing emails intentionally make themselves look to be from a legitimate source, and during the holiday season, many of their go-to sources would be completely relevant. They pretend to be banks, online retailers, and shipping companies. They’ll request personal information, like passwords and credit card details, by using urgency tactics – like saying your credit card declined for an order and you’ll need to re-enter the information. These emails generally contain malicious links to fake websites, often that look nearly identical to real websites, that will capture personal data. They may also include attachments that can infect your computer with malware when opened. These attachments may be under the guise of a photo of a product you might have ordered. Emails might also include fake offers or claim that you won a free gift, which might sound especially good after all the money we spend during the holiday season.

Why do scammers thrive during the holidays?

With the increase in online shopping during the holiday season, we’re on more websites and spending more money than we generally are most of the year. It gets convoluted, sifting through the emails of order receipts and shipping tracking. This influx of emails makes it much easier for scammers to hide in all the noise. More emails and busier schedules mean you’re probably not as cautiously reviewing your emails as normal, which means you’re more likely to fall for it. Scammers will likely use one of these common scams to try to trick you:

1. Fake shipping or delivery notifications pretending to be from Amazon, FedEx, or UPS. Unless you ordered the item the email mentions, don’t trust this.
2. Fraudulent Black Friday/Cyber Monday deals or fake gift card offers. Again, this will probably be from scammers pretending to be different sites like Amazon, Etsy, a department store, or any other major retailer.
3. Fake charity solicitations. Year-end giving is a very easy way for scammers to take advantage of you. To be safe, go to a website directly if there’s a particular charity you want to give to.
4. Spoofed retailer emails. These emails will often say that you need to confirm your order (instead of an order confirmation), or that payment failed.
5. Holiday travel scams. Again, your best bet will be going to these sources directly for booking a trip, not clicking a link in an email to book.

How can I spot a phishing email?

These emails often have some of the characteristics, particularly the following:

1. Suspicious sender emails or email domains. If you aren’t sure if an email domain is from an official company domain, look it up before you do anything else. The sender’s email address may also contain numbers and letters in a random, nonsensical order.
2. Typos, poor grammar, or odd language. If it seems like the person doesn’t speak the language they’re emailing you in or there are words where numbers or symbols are being swapped for letters.
3. Requests for personal information or financial details. If you think your bank or anything you have paid for is requesting credit card information, try going directly to the apps or websites of these institutions, or call them to confirm that the email is real. A company won’t ask for credit card information as a reply to the email.
4. Unexpected attachments or links. Unless you know the sender personally or you can confirm that it is from a verified source, a good rule of thumb is to not ever open any attachments or click links.
5. Generic greetings. Not using your name, but instead using “Dear customer” or something similar is a major red flag.

How can I protect myself from scam emails?

In order to keep yourself safe, you should use a spam filter and email security software. Your company’s email address should already have this in place, but if you want your personal email address to be just as safe, you can look into a software that will protect your inbox, such as Microsoft Defender for Office 365, Mimecast, Proofpoint Email Protection, or Barracuda Email Security Gateway. You should also always keep your software and operating systems updated. This is vital to overall device security. If ever you’re using a public wifi, avoid entering any sensitive information. Enable multi-factor authentication (MFA) on any logins you can. During the holiday season especially, but ideally all year long, regularly check your bank statements and transaction history for any suspicious activity.

What do I do if I fall victim to a phishing attack?

If you found this blog post too late and you were caught in a scam, you need to act fast to get your information locked back down.

1. If it’s your company email, immediately report this to your IT department or Managed Service Provider (MSP).
2. Change your passwords.
3. Alert any affected financial institutions. If you have your banking app on your phone, freeze all affected cards immediately.
4. Report the incident to relevant authorities, like the Federal Trade Commission and Anti-Phishing Working Group.
5. Take the necessary steps to mitigate damage and recover compromised accounts or personal information.

As much as we may want to take the holidays to relax, or as much as the holidays may already add too much to your to-do list, you have to stay vigilant to stay safe. Those who do not regularly use technology, like older generations, are going to be the most at risk. Tell your friends and family how to stay safe to keep the season bright!

If your business could use a refresher on cybersecurity, feel free to give us a call or submit your information on our “Contact Us” today page. We’d be happy to give a presentation to your business or help you boost your cybersecurity.