6 Sneaky Phishing Scams To Watch Out For This Holiday Season


December 20, 2016

Cybercrime is a serious issue year round, but there is something about the holiday season that seems to bring out the very worst in the type of people who happily profit by preying on others. Phishing scams have long been a favorite tool of cybercriminals, and many are using this particular tool to their advantage right now, successfully targeting users who may not be as diligent as they normally are during the less hectic and stressful months. These 6 scams in particular are wreaking havoc on unsuspecting users this December.

  1. Fake Receipts and Invoices – With so many people doing most or all of their holiday shopping online, there is a noticeable increase in the number of invoices, receipts, and order confirmations popping up in everyone’s inboxes. It can easily reach a point where you’re not entirely sure of what you’ve ordered from where. Scammers capitalize on this confusion, sending out fake invoices and receipts in the hopes that an oblivious user will open something they really shouldn’t have. One of the more popular ways of sneaking malware past IT security measures is to hide the malicious code in an attachment. Normally, an unexpected message from Amazon would raise a red flag, but this time of year many users would open the attached PDF without a second thought.
  2. Fake Shipping Status Alerts – Just like these phony invoices, fake shipping notifications and updates are finding their way into unsuspecting users’ inboxes. This tactic tends to have a higher success rate for hackers, because instead of relying on tricking someone with a fake purchase, it instead makes the user worry that there is a problem with a purchase they know for sure that they’ve made. A notice from “UPS” letting you know your package is delayed is bound to get a click-through from a user who is in fact expecting a delivery via UPS. That moment of “Oh crap!” when the user spots the message is what hackers are banking on.
  3. Fake Flyers and Deals – Anyone who spends any amount of money online at any point during the year will find themselves the recipient of an endless wave of emails each day during the holiday rush, advertising special offers and discounts from websites they have frequented in the past. Some users delete the dozen or so daily messages without ever bothering to read them, while others are more than happy to take a look at what’s being offered. If you fall into the second category, while skimming through these messages, be on alert for emails from stores or vendors you have never shopped with before. These emails may be advertising a great deal, but chances are the only thing you’ll end up with by clicking through is a malware infection, or stolen funds from an order you’ve placed and will never receive.
  4. Malicious Embedded Links – Infected attachments may be a favorite tactic of hackers and scammers, but embedded links are just as common a method for downloading malware to a system, or redirecting the user to an infected website. You can save yourself a lot of trouble by taking a few extra seconds to hover your mouse over any link that finds its way into your inbox. The hyperlink may look legitimate, but the link itself may tell a completely different story. If the link is completely different than what is being advertised, or contains a jumble of characters and a domain name that vaguely resembles the domain in the hyperlink, do not click.
  5. Unauthorized Transactions – Whether you’re an avid online shopper, or prefer to do your purchasing in person, it’s always a good idea to keep an eye on your bank accounts; and it’s especially critical around the holidays. Keeping track of dozens of purchases can be a challenge, but checking your account balances routinely can help you to catch discrepancies that could be indicators of something not so jolly. By ignoring changes to your balance, you could be missing the fact that not all of your purchases were actually made by you. All it takes is one website with lax security standards to lose your credit card information to a hacker, and you’ll find yourself stuck footing the bill for someone else’s shopping habits.
  6. Fake Customer Surveys – While you can understand the purpose behind them, requests to rate purchases, apps, and sites can be annoying. Which is why you appreciate it when the sender is offering you something in return for your time. However, online surveys offering cash or gift cards as a reward for completing them can often end up being a scam. The difference between a legitimate offer from a legitimate business and a phishing attempt can usually be found in those last few questions. If a survey asks for personal or financial information, it’s extremely likely that the survey is a cybercriminal’s way of stealing your identity, or collecting information to set up a more advanced phishing scam.

Generally, the bulk of these threats are intended to target individual users. But if one of your employees happens to trigger an infection or intrusion from their workstation, or any device that is connected to your business’ network, a hacker that is hoping to get a hold of personal data would be more than happy to instead help themselves to any and all sensitive data stored on your systems and network. The resulting data breach can devastate your business, damaging your reputation, undermining the trust placed in you by your clients, and costing you thousands in lost productivity, fines, and legal fees.

Get in touch with your IT provider to make sure that you have the right network security measures in place, and that your firewall, antivirus, and antimalware programs are up to date with all of the latest patches.

Want to find out more about the steps you can take to protect your business from cyber threats? Contact us at sales@integrisit.com or (888) 330-8808. We are the trusted IT professionals for businesses in Baltimore, Washington, DC And Across Maryland.

We're Integris. We're always working to empower people through technology.

Keep reading

4 Cybersecurity Takeaways from China’s Largest Data Breach

4 Cybersecurity Takeaways from China’s Largest Data Breach

Cybersecurity drama strikes again as human error leads to China's biggest data breach and perhaps the most significant hack of personal information in history. According to Threat Post, the incident was triggered after a Chinese government software developer wrote a...