It’s that special time of year, with chestnuts roasting by an open fire and Jack Frost nipping at your nose; the holiday season is upon us. Along with the Christmas trees, presents, gatherings, and holiday cheer come opportunities for the Bad Guys to go on the offensive. Phishing attacks spike during the holiday season every year; it is a perfect time for cybercriminals to prey on isolation, stress, and urgency to get consumers to act quickly. With this in mind, the good folks at Greathorn Security list four scams you should be aware of this holiday season:

Fraudulent Shipping Notices

The Coronavirus pandemic has forced a good many of us to do our shopping online instead of the usual trips to brick-and-mortar stores. Every item you buy and have shipped comes along with one or more shipping notices, and the Bad Guys know it. Mixed in with the legitimate notices, you can expect to see phishing attempts. They might contain links that take you to impersonated web sites where you are asked to supply your financial details, or they might contain attachments dressed up as receipts and the like that actually contain malware designed to capture your keystrokes, install ransomware, or steal data. To avoid this scam, don't open attachments from suspicious email addresses and do not click on links to external pages. Legitimate e-commerce sites will provide your shipping details in the body of the email and use a standard email address, such as shipping@domain.com or customerservice@domain.com. Malicious emails use an address at a more generic domain, such as amazon123@gmail.com or zapposcustomercare@yahoo.com.

Charity Frauds

This scam tries to trick recipients into believing they’re donating money to a charity. Usually this charity organization does not exist, and the scammers are betting you won’t have the time or enough curiosity to check it out before you hit the Donate button. This year, phishing campaigns are likely to exploit COVID-19 to convince folks to donate to coronavirus-related charities. To avoid this scam, check the charity! Legal and legitimate charities are registered, so you can cross-check the organization's credentials with a public database to see if it's genuine. Also, avoid responding to any strangers who ask for money upfront through an email.

Gift Card/Coupon Scam

Gift cards and coupons are an easy sell, which is a big reason this type of fraud is popular among cybercriminals. With MANY of us shopping online for the holidays this year, more scammers are likely to use them to steal money from unsuspecting consumers. In this scam, the phishing email typically offers an unbelievable deal on a popular product for a short time only, creating a sense of urgency – ACT NOW!!! The attackers, however, will ask for payment through gift cards instead of traditional online payment methods. To avoid this scam, be wary of any coupons that offer too-good-to-be-true deals and discounts on popular items. Any “seller” who will only accept gift cards for payment should be avoided like the plague; gift cards give you ZERO recourse to get your money back.

Travel Phishing Scams

After being cooped up at home for the better part of a year, most of us would find a vacation to some exotic ports of call almost impossible to resist. So, you run off and book your vacation, but shortly thereafter, you receive an email stating that due to the COVID-19 pandemic, your trip has been cancelled, and you’re directed to a web site to fill out a refund claim form. This certainly seems like a standard procedure, but therein lies the catch. The link leads folks to a phishing site where scammers try to capture their personal information. To avoid this scam, CAREFULLY check the sender and web site addresses on any such emails you receive. Two warning signs: the external site uses http:// instead of https://, and the email domain points to Gmail, AOL, or Yahoo. Don't enter any information on a third-party app or website, and beware of social media requests. No airline or travel company will ask you to sign in to your social networking accounts.
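
The sender and link warning signs from the shipping and travel sections above can be checked mechanically. The following Python sketch is an added example, not code from the original article or from Greathorn; the brand watch list, the finding codes, and the sample messages are constructed for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Free-mail providers the article names as a warning sign for "company" mail.
FREEMAIL_DOMAINS = {"gmail.com", "aol.com", "yahoo.com"}
# Constructed watch list, seeded with the brands in the article's examples.
BRANDS = ("amazon", "zappos")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def check_message(from_header, body, brands=BRANDS):
    """Return a list of (code, detail) findings for one message."""
    findings = []
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")

    if domain in FREEMAIL_DOMAINS:
        findings.append(("FREEMAIL_SENDER", domain))
        # A brand name in the display name or mailbox on a free-mail
        # domain is the amazon123@gmail.com pattern.
        haystack = f"{display} {local}".lower()
        for brand in brands:
            if brand in haystack:
                findings.append(("BRAND_ON_FREEMAIL", brand))

    # Report each plain-HTTP host once, in first-seen order.
    seen = set()
    for url in URL_RE.findall(body):
        parsed = urlparse(url.rstrip(".,;"))
        host = parsed.hostname or ""
        if parsed.scheme == "http" and host not in seen:
            seen.add(host)
            findings.append(("HTTP_LINK", host))
    return findings


# Constructed sample messages (not real mail).
SAMPLES = [
    ("Amazon Shipping <amazon123@gmail.com>",
     "Your parcel is held. Confirm payment: http://parcel-update.example/pay"),
    ("Shop Shipping <shipping@shop.example>",
     "Order shipped. Track it at https://shop.example/orders/1"),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sender, "->", check_message(sender, text) or "no warning signs")
```

An empty result only means none of these specific warning signs fired; phishing sites can serve HTTPS too, so the sender and site addresses still need the careful check described above.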

While these four types of phishing attacks are the most common in the current climate, there are a good many more. Please beware of any communication that requires you to disclose your personal information without giving you enough information to verify the institution’s or person’s legitimacy. Always double-check sources making unusual requests to collect your personal data.