2020 has already been an active year for phishing scammers. The coronavirus pandemic caused a rise in phishing of 667% earlier this spring, and attacks have continued throughout the summer.
Now that fall is here and the holiday season is just around the corner, a slew of new seasonal phishing attacks is about to be unleashed. If you’re not properly prepared with basic phishing awareness and cybersecurityprotections, you could end up with a data breach, the victim of identity theft, or with a ransomware infection.
Phishing scams over the holidays often take advantage of the busyness of the season and the flurry of additional online shopping emails that people will generally receive.
There are also often emails coming in that we don’t see during the rest of the year related to holiday activities, and scammers take advantage of these as well.
One of the first steps to prevention of security threats is knowing what types of scams to look out for and be aware that they may be landing in your inbox. Well prepared employees that are armed with the knowledge they need can have a big positive impact on your overall cybersecurity.
Consistent employee cybersecurity awareness training reduces the risk of a successful attack by 40-50%.
Be On the Lookout for These Holiday Phishing Scams
Fake Purchase Receipts
One favorite scam of phishing attackers is to send purchase receipts that spoof the look of popular online retailers like Amazon. They’re designed to get someone to immediately feel something is wrong because they didn’t order the specified item.
They click the link, and it may either take them to a malicious site that does a drive-by download of malware or to a spoofed login page, where their login is stolen.
Hovering over links without clicking reveals the real hyperlink and can be an easy way to identify a message as fake.
Bogus Shipment Tracking Messages
Scammers take advantage of the fact that many employees will have shipment tracking notifications for various online purchases coming into their inboxes in the weeks leading up to the holidays.
It’s easy for them to spoof a message that replicates the look of a UPS or FedEx tracking notice. A person may then think it’s related to something they recently ordered and click the link without thinking about it, only to be directed to a malicious site.
A good rule of thumb is to never go to a site from the email link, especially one that you have to log into. If you receive a tracking notice, go to the website you ordered from directly to check for tracking notices.
Another phishing scam that often causes people to click without thinking is a request for a year-end customer appreciation survey. It’s not unusual for vendors to send these at the end of the year; your own company may use them as well.
Since employees are used to seeing these around the holidays, they’ll often trust them and may not realize one is a phishing scam.
If you receive a year-end survey request, it’s always best to check with the noted vendor through the contact information you have on file with them to ask if it’s legitimate before taking action.
Ecards are meant to be a nice way to reach out electronically and they’ll often be sent around the holidays from companies to their customers. Unfortunately, this is another seasonal activity that phishing scammers jump right into.
Holiday email cards will often have links to view the interactive card. This makes it easy for a phishing attacker to put in a link to a malicious site or a login form, where they try to capture email account details.
It’s important for employees to know that they should never have to enter any password to view an eCard. One of the best protections companies can put in place to combat malicious URLs is a DNS filter that will block malicious sites even after a user clicks a phishing link.
Fake Coupons & Deals
Phishing emailers will take advantage of Black Friday, Cyber Monday and the flurry of deals that are being emailed out throughout the holiday season. Employees should watch out for these types of scams that will also use the same tactics of spoofing a retailer’s email signature.
Most retailers have the same deals that they email posted clearly on their website. So, it’s always best to go directly to the website to look for any deals you’ve received by email rather than taking a chance and clicking on a link in the email itself.
Keep Your Office Safe with Managed IT Security from Connect2Geek
We can keep your network monitored for any threats and put systems in place, like DNS filtering, to protect employees from phishing websites.
Schedule a free cybersecurity consultation today! Call 208-468-4323 or reach out online.